Block Telnet/SSH

colmgrier · ‎01-27-2009

Applying the below to a Catalyst 3560 switch, I can only telnet/ssh using 10.1.0.1. Host 10.1.0.50 telnet/ssh is blocked.

Please advise.

access-list 101 permit host 10.1.0.1 any eg 22

access-list 101 permit host 10.1.0.1 any eg 23

access-list 101 permit host 10.1.0.50 any eg 22

line vty 0 4

access-class 101 in

Collin Clark · ‎01-27-2009

Try using a standard access list.

access-list 10 permit host 10.1.0.1

access-list 10 permit host 10.1.0.50

line vty 0 4

access-class 10 in

Hope that helps.

Richard Burts · ‎01-28-2009

Colm

If the first two lines work then I would expect the second two lines to also work. My first thought is that there may be some difference in what is actually configured and what you posted (especially since it is obvious that you just typed in the access list and did not copy it from the device config - the missing TCP parameter in the access list shows that. So copy the access list exactly from the device and post it.

Other possibilities that occur to me:

- is it possible that there is some IP connectivity issue which prevents 10.1.0.50 from connecting (or prevents responses from going back)?

- is it possible that there are interface access lists which prevent the connection?

Collin

While I agree with you that it is generally better to use standard access lists with access-class, I do not believe that changing from extended to standard access list will solve this problem. If the problem were the extended access list then how does 10.1.0.1 work?

HTH

Rick

HTH

Rick