I have one L3 switch with two VLAN interfaces, 10.1.1.1 and 188.8.131.52. On the same switch there are two hosts in each VLAN. Now I want only 10.1.1.11 to be able to telnet to the switch on the VLAN interface IPs (10.1.1.1 and 184.108.40.206).
I wrote this access list:
access-list 101 permit tcp host 10.1.1.11 host 10.1.1.1 eq 23
access-list 101 permit tcp host 10.1.1.11 host 220.127.116.11 eq 23
and applied it as
line vty 0 4
access-class 101 in
but none of the hosts is able to connect to the switch, but if I apply that as access-class 101 out then both systems get access.
Neither direction is achieving the goal, and I want to use an extended list only because when I use a standard list as access-list 1 permit 10.1.1.1 and apply it to the line as access-class 1 in, the goal is achieved.
Please advise about the extended list behaviour needed to perform this task.
I did a search in NetPro using the top-right search button.
Most of the examples provided by colleagues use an any destination when using an extended ACL in the access-class in command.
I'm afraid this is a limitation on using extended ACLs for access-class.
I remember a thread where Rick Burts explained this.
I usually configure a standard ACL for access-class.
See this from John Blakley
Hope to help
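The two approaches mentioned in the thread, as an added example that is not part of the original posts: an extended ACL written with an any destination, and the standard ACL alternative. The ACL numbers 102 and 11 and the logged deny entries are assumptions made for illustration; the permitted host 10.1.1.11 is taken from the question.

```cisco
! Added example, not from the original posts.
! ACL numbers 102 and 11 and the "deny ... log" entries are assumptions.
!
! Option 1: extended ACL for access-class.
! The destination is "any" rather than a specific VLAN interface address,
! matching the examples the reply refers to.
access-list 102 permit tcp host 10.1.1.11 any eq 23
! Explicit deny with logging so rejected attempts show up in syslog.
access-list 102 deny ip any any log
!
line vty 0 4
 access-class 102 in
!
! Option 2 (use instead of option 1, not together with it):
! standard ACL that matches on the source address only.
access-list 11 permit host 10.1.1.11
access-list 11 deny any log
!
line vty 0 4
 access-class 11 in
```

Running show access-lists afterwards displays the match counters per entry, which shows whether connection attempts are hitting the permit or the logged deny.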