SSH and Telnet Access List for Catalyst 4503

rhopkins_nci
Level 1

I was wondering about the command structure for applying an access list for SSH and Telnet on a Catalyst 4503. I would like an access list for the inside and outside. Can you allow two different IPs from the outside? Thanks

Accepted Solution

chickman
Level 1

You'll need to create an access list that states the networks/hosts you want to allow.

-Example

access-list 10 permit 10.10.1.10
access-list 10 permit 10.10.2.10
access-list 10 permit 127.1.0.0 0.0.255.255
access-list 10 permit 192.168.1.0 0.0.0.255

Then you want to place this access list on the VTY interfaces.

-Example

line vty 0 4
 access-class 10 in
 transport input ssh    * if you only want SSH *
line vty 5 15
 access-class 10 in
 transport input ssh    * same as above *

Now you can do this all with *line vty 0 15*, but this gives you a better idea of what is going on. This is a pretty simplistic setup. Keep in mind that it is best practice to only allow SSH. If you want to allow both, leave the *transport input ssh* off the configuration.

I hope this gives you an idea of the structure. If not, let me know.

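As an added example (not part of this thread, and not a Cisco tool) of checking the control the accepted answer describes, the Python script below parses the numbered standard ACL and the `line vty` blocks out of a saved running-config, evaluates whether a given management source address would be permitted by the `access-class`, and flags any VTY block whose `transport input` is not restricted to SSH. The running-config text is a constructed sample; the second VTY block deliberately still allows Telnet.

```python
import ipaddress
import re

# Constructed sample config mirroring the accepted answer; the second VTY block keeps Telnet.
SAMPLE_CONFIG = """\
access-list 10 permit 10.10.1.10
access-list 10 permit 10.10.2.10
access-list 10 permit 127.1.0.0 0.0.255.255
access-list 10 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 access-class 10 in
 transport input telnet ssh
"""

def parse_standard_acl(config, acl_number):
    """Return [(action, address_int, wildcard_int)] for one numbered standard ACL (host/any normalised)."""
    pattern = re.compile(rf"^access-list {acl_number} (permit|deny) (\S+)(?: (\S+))?[ \t]*$", re.M)
    entries = []
    for action, addr, extra in pattern.findall(config):
        if addr == "any":
            addr, extra = "0.0.0.0", "255.255.255.255"
        elif addr == "host":
            addr, extra = extra, "0.0.0.0"
        wildcard = int(ipaddress.IPv4Address(extra or "0.0.0.0"))  # bare address = one host
        entries.append((action, int(ipaddress.IPv4Address(addr)), wildcard))
    return entries

def is_permitted(entries, source_ip):
    """First match wins, implicit deny at the end; only bits where the wildcard is 0 are compared."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wildcard in entries:
        if (src & ~wildcard) == (addr & ~wildcard):
            return action == "permit"
    return False

def audit_vty_lines(config):
    """Map each 'line vty A B' block to a list of findings (an empty list means clean)."""
    findings = {}
    for m in re.finditer(r"^line vty (\d+ \d+)\n((?: .*\n)*)", config, re.M):
        problems = []
        if not re.search(r"^ access-class \d+ in$", m.group(2), re.M):
            problems.append("no inbound access-class on this block")
        transport = re.search(r"^ transport input (.+)$", m.group(2), re.M)
        if transport is None or transport.group(1).strip() != "ssh":
            problems.append("transport input is not restricted to ssh")
        findings["vty " + m.group(1)] = problems
    return findings
```

Run it against `show running-config` output saved to a file to confirm every VTY block carries the access-class and that only the intended management hosts match the ACL.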

3 Replies

sachinraja
Level 9

Hello Hopkins,

You can allow any number of networks, subnets or hosts to access your switch from outside. It all depends on what you configure in the permit statements of the ACL. If the end hosts have IP reachability and login access and are allowed by the ACL, I don't think there will be any issues accessing the box.

Hope this helps. All the best. Rate replies if found useful.

Raj


Thanks for the reply, this really helps. RT
