VTY - Extended ACL with destination address

Unanswered Question
Jan 24th, 2009


Is it possible to apply extended ACL to vty lines with specific destination address on Cat6500 12.2(33).

I have noticed that destination address is not effective even though it allows to configure.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Edison Ortiz Sat, 01/24/2009 - 10:55

You are allowing/denying access to the VTY lines.

VTY lines have no IP address so what's the benefit to include the destination?

If you want to allow/deny telnet via some interfaces, you need to implement the ACL on those interfaces (source/destination) if needed.




cisco_lite Sat, 01/24/2009 - 12:40


So does it mean, I would need to allow access at two points (in case of allowance). 1) permit source on the vty via access-class 2) permit source on specific destination interface (SVI) on the interface access-list.

Please correct me if I am wrong.


This Discussion