I have a need to modify telnet security in my network. I have only 3 remotes hosts witch can telnet WAN routers. An access-list was configured and actived under vty lines: access list with 3 remotes hosts.
I want to autorize telnet access from the LAN (one host or all the LAN), thus the operation is complicated and difficult (more than 400 routers) to modify the ACL in all devices.
I have an idea if i change the direction of the ACL under vty :
access class 101 OUT instead of in.
I'm asking if this can resolve the issue and giving the same level of security as "IN".
Does someone know how to do without affecting or doing more changes ?