01-27-2009 03:03 AM - edited 03-10-2019 04:18 PM
Applying the below to a Catalyst 3560 switch, I can only telnet/ssh using 10.1.0.1. Host 10.1.0.50 telnet/ssh is blocked.
Please advise.
access-list 101 permit host 10.1.0.1 any eg 22
access-list 101 permit host 10.1.0.1 any eg 23
access-list 101 permit host 10.1.0.50 any eg 22
access-list 101 permit host 10.1.0.50 any eg 22
line vty 0 4
access-class 101 in
01-27-2009 07:21 AM
Try using a standard access list.
access-list 10 permit host 10.1.0.1
access-list 10 permit host 10.1.0.50
line vty 0 4
access-class 10 in
Hope that helps.
01-28-2009 02:36 PM
Colm
If the first two lines work then I would expect the second two lines to also work. My first thought is that there may be some difference in what is actually configured and what you posted (especially since it is obvious that you just typed in the access list and did not copy it from the device config - the missing TCP parameter in the access list shows that). So copy the access list exactly from the device and post it.
Other possibilities that occur to me:
- is it possible that there is some IP connectivity issue which prevents 10.1.0.50 from connecting (or prevents responses from going back)?
- is it possible that there are interface access lists which prevent the connection?
Collin
While I agree with you that it is generally better to use standard access lists with access-class, I do not believe that changing from extended to standard access list will solve this problem. If the problem were the extended access list then how does 10.1.0.1 work?
HTH
Rick
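Rick's reply asks for the access list copied exactly from the device; a check like the one below can be run over that pasted text before it is applied with access-class. This is an added example, not part of any post in the thread: `lint_acl` and its rules are illustrative assumptions (numbered ACLs 1-199 only, a subset of protocol keywords), and the sample input is the ACL as typed in the first post.

```python
from collections import defaultdict

PROTOCOLS = {"ip", "tcp", "udp", "icmp"}           # subset of IOS protocol keywords
OPERATORS = {"eq", "gt", "lt", "neq", "range"}     # IOS port operators

# The ACL exactly as typed in the first post of this thread.
POSTED_ACL = """\
access-list 101 permit host 10.1.0.1 any eg 22
access-list 101 permit host 10.1.0.1 any eg 23
access-list 101 permit host 10.1.0.50 any eg 22
access-list 101 permit host 10.1.0.50 any eg 22
"""

def lint_acl(text, required_ports=("22", "23")):
    """Return a list of findings for numbered access-list lines (hypothetical helper)."""
    findings, seen, ports = [], {}, defaultdict(set)
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if len(tok) < 4 or tok[0] != "access-list" or not tok[1].isdigit():
            continue
        if tuple(tok) in seen:
            findings.append(f"line {n}: duplicate of line {seen[tuple(tok)]}")
        seen.setdefault(tuple(tok), n)
        if not 100 <= int(tok[1]) <= 199:
            continue  # standard ACL: matches source address only
        rest = tok[3:]
        if rest[0] in PROTOCOLS:
            rest = rest[1:]
        else:
            findings.append(f"line {n}: no protocol keyword before source")
        # Source and destination are each 'any', 'host A' or 'A WILDCARD'.
        addrs = []
        for _ in range(2):
            width = 1 if rest[:1] == ["any"] else 2
            addrs.append(" ".join(rest[:width]))
            rest = rest[width:]
        if rest and rest[0] not in OPERATORS:
            findings.append(f"line {n}: unknown port operator '{rest[0]}'")
        if tok[2] == "permit" and len(rest) > 1:
            ports[addrs[0]].add(rest[1])
    for src, have in ports.items():
        for p in required_ports:
            if p not in have:
                findings.append(f"{src}: no permit entry for port {p}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_acl(POSTED_ACL)))
```

Standard access lists such as the `access-list 10` suggested in the second post carry no protocol or port, so only the duplicate check applies to them.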