Topology:
Client <---> L2 <---> L3 <---> R1 <--- GRE ---> R2 <---> L3 <---> L2 <---> Client
The L3 is used as the gateway on each VLAN, and is therefore doing inter-VLAN routing.
VLAN topology on left side:
VLAN 10 - Client - 10.10.1.x
VLAN 20 - Server - 10.20.1.x
VLAN 30 - Voice - 10.30.1.x
VLAN 40 - MGT - 10.40.1.x
VLAN topology on left side:
VLAN 10 - Client - 10.10.2.x
VLAN 20 - Server - 10.20.2.x
VLAN 30 - Voice - 10.30.2.x
VLAN 40 - MGT - 10.40.2.x
Problem:
The L3 can be accessed with SSH on all the IP addresses assigned to the switch.
How can I restrict that access, so it can only be done on the IP address in VLAN 40?
Any client should be able to SSH to any switch.
Things Tried:
I have tried adding an access-list on the left L3
access-list 99 permit 10.40.1.0 0.0.0.255
and assigning it to the VTY line.
line vty 0 4
access-class 99 in
Resulting in a connection refused on all addresses.
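
Added example, not part of the original post: a small Python model of how a standard ACL applied with access-class ... in is evaluated. It matches only the source address of the incoming VTY session and ends in an implicit deny, so the destination address the client dials plays no part. The client host addresses (.50) and the switch SVI addresses (.1) are constructed assumptions; only the subnets and ACL 99 come from the post.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def standard_acl_action(entries, source_ip):
    """First matching entry wins; unmatched traffic hits the implicit deny."""
    for action, base, wildcard in entries:
        if wildcard_match(source_ip, base, wildcard):
            return action
    return "deny"

# access-list 99 permit 10.40.1.0 0.0.0.255 (from the post)
ACL_99 = [("permit", "10.40.1.0", "0.0.0.255")]

# Constructed sessions: (label, client source IP, switch IP the client dials).
SESSIONS = [
    ("VLAN 10 client -> VLAN 40 SVI", "10.10.1.50", "10.40.1.1"),
    ("VLAN 10 client -> VLAN 10 SVI", "10.10.1.50", "10.10.1.1"),
    ("VLAN 20 server -> VLAN 40 SVI", "10.20.1.50", "10.40.1.1"),
    ("VLAN 40 host   -> VLAN 40 SVI", "10.40.1.50", "10.40.1.1"),
    ("VLAN 40 host   -> VLAN 10 SVI", "10.40.1.50", "10.10.1.1"),
    ("Remote VLAN 40 -> VLAN 40 SVI", "10.40.2.50", "10.40.1.1"),
]

def evaluate(sessions, acl):
    """Return (label, src, dst, action); dst is carried only for display."""
    return [(label, src, dst, standard_acl_action(acl, src))
            for label, src, dst in sessions]

if __name__ == "__main__":
    for label, src, dst, action in evaluate(SESSIONS, ACL_99):
        print(f"{label:32} src={src:12} dst={dst:10} -> {action}")
```

In this model a VLAN 10 client is denied even when it targets the VLAN 40 address, while a VLAN 40 host is permitted on every switch address. ACL 99 therefore restricts who may connect, not which switch address accepts SSH.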