Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Switch telnet control through acl or other means

Is there a possibility to limit telnet of pcs to core swithes with acl or other ways? I mean, for example, in a typical lan, two core layer 3 switches, server layer 2 access switches connected to both core switchers, my objective is to limit some of pcs connected to one layer 2 switche to telnet the core switches. I know i can use aaa authentication on core switches to chanllenge the action, my question is that, can i take some other means to limit the telnet based on port on layer 2 switches, for instance, 2950 switch, or to use extended acl on core switches to accomplish that?

any suggestion will be highly appreciated!


Cisco Employee

Re: Switch telnet control through acl or other means

You can limit by IP address who can login and who can't on both CatOS and IOS switches.

For IOS, just use an access-class on the VTY ports to limit what IP addresses can telnet in as follows:

> access-list 1 permit

> access-list 1 permit

> line vty 0 4

> access-class 1 in

For CatOS, you use an IP permit list as follows:

> set ip permit telnet

> set ip permit permit

> set ip permit enable telnet

Both the above scenarios allow and to telnet to the switch. You can allow more IP addresses just by adding more lines to your config. MAKE SURE you add your own IP address in otherwise you'll lock yourself out.

New Member

Re: Switch telnet control through acl or other means

Well, thanks. But can i do this by limit a certain subnet or specify a certain range of ip addresses, since the pcs get the ip addresses by DHCP.

CreatePlease login to create content