Cisco Support Community

New Member

IP access-class question

Good morning all. I have SwitchA (2950) and SwitchB (2950) connected via crossover. VLAN1 configs are as follows...

SwitchA - ip add

SwitchB - ip add

ip add sec

SwitchA has the following access-list configured

access-list 1 permit host

ip access-class vty 0 15 in

When I try to telnet to SwitchA from SwitchB, I get denied. I used the following command /source-interface vlan1

Is there a way to force telnet to use secondary ip address as the source instead of the interface to bypass the access-class block?

Hall of Fame Super Bronze

Re: IP access-class question

No, you can't source from a secondary ip address when using the source-interface option within telnet.

I don't have a 2950 at the moment to test, but instead of creating a secondary IP address on Vlan1, can you create a loopback?

New Member

Re: IP access-class question

Thanks for that clarification. I'll have to try the loopback solution next week. Thanks again.

Hall of Fame Super Silver

Re: IP access-class question


The 2950 switch is a layer 2 switch and as such I believe that it does not support the concept of loopback interface.

Also I note that the syntax in your post is incorrect. Instead of this:

ip access-class vty 0 15 in

you would need this:

line vty 0 15
 access-class 1 in

If you are trying to telnet from 1 layer 2 switch to another layer 2 switch I do not believe that you will be able to use secondary addressing.

I am not clear why you are attempting to use secondary addressing in this. If you want to permit one layer 2 switch to telnet to the other layer 2 switch why not just permit its management interface? Perhaps if you explain your environment and what you are trying to accomplish we might be able to help find a way to achieve it.
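
An added example, not part of the original thread or any poster's code: a Python check that reads a saved IOS configuration and reports every `line vty` block that lacks an inbound `access-class` or names an ACL that is not defined. The sample configuration, its placeholder address and the function names are constructed; the sample assumes the vty lines are split into two blocks, as running configurations often show them, so each block needs its own `access-class`.

```python
import re

# Constructed sample configuration; the address is a documentation-range placeholder.
SAMPLE_CONFIG = """\
access-list 1 permit host 192.0.2.10
!
line con 0
line vty 0 4
 access-class 1 in
 login
line vty 5 15
 login
"""


def audit_vty(config):
    """Return (first, last, status) for every 'line vty' block in the config."""
    # Names/numbers of ACLs defined anywhere in the configuration.
    acls = set(re.findall(
        r"^(?:ip )?access-list (?:standard |extended )?(\S+)", config, re.M))
    blocks, block = [], None
    for raw in config.splitlines():
        start = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if start:
            block = {"first": int(start[1]),
                     "last": int(start[2] or start[1]), "acl": None}
            blocks.append(block)
        elif not raw.startswith(" "):
            block = None  # any other unindented line closes the vty block
        elif block is not None:
            applied = re.match(r"\s+access-class (\S+) in\b", raw)
            if applied:
                block["acl"] = applied[1]
    results = []
    for b in blocks:
        if b["acl"] is None:
            status = "no inbound access-class"
        elif b["acl"] not in acls:
            status = "access-class references undefined ACL " + b["acl"]
        else:
            status = "ok"
        results.append((b["first"], b["last"], status))
    return results


def unprotected_lines(config):
    """Return the sorted vty line numbers whose block is not 'ok'."""
    return sorted(n for first, last, status in audit_vty(config)
                  if status != "ok" for n in range(first, last + 1))
```

Running `audit_vty(SAMPLE_CONFIG)` flags the `line vty 5 15` block, which has a login but no source restriction.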



New Member

Re: IP access-class question


Thanks for catching my error in syntax. I did input it correctly in my lab though. There is/was no particular need for me doing that. The environment is strictly a lab (3 routers and 3 switches) and I was just playing with the access-class command. Was just curious if it could be done. Thanks for the reply! (I learn more from these forums than I would've thought!)