
Changing VTY ACL IP address

johnlloyd_13
Level 9

Hi,

I'll be updating the NMS/host IP addresses in our Core router and switch VTY ACL.

Just need advice if it's better to totally remove the VTY access-class, remove the named VTY ACL and then re-apply?

Or edit the named ACL with 'no 10 permit xx' while the VTY access-class is still applied?

2 Replies

M02@rt37
VIP

Hello @johnlloyd_13,

There are two approaches. Both can be valid, and the choice depends on your specific requirements and preferences. If you have a large number of entries in the VTY ACL or if you want to start with a clean configuration, removing and reapplying the VTY access-class and named ACL may be a better option [1]. On the other hand, if you have a small number of entries and want to make targeted changes, modifying the existing named ACL might be more convenient [2].

[1]

--Remove the existing VTY access-class from the configuration.

--Remove the named VTY ACL from the configuration.

--Update the named VTY ACL with the new NMS/host IP addresses.

--Reapply the named VTY ACL to the VTY lines in the configuration.

[2]

--Keep the VTY access-class applied to the VTY lines in the configuration.

--Use the "no" command to remove specific entries from the named VTY ACL that need to be updated (e.g., "no 10 permit xx").

--Add new entries to the named VTY ACL to allow access from the updated NMS/host IP addresses.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Remove VTY ACL

The second approach is wrong 

"or edit the named ACL with 'no 10 permit xx' while still VTY access-class is still applied?"

If you delete the permit, then there are chances that you cannot access anymore; there is a deny any any at the end of the ACL.
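
Added example, not part of the thread: a small Python model of a sequence-numbered named ACL that reports at which step of an edit plan no admin source would be accepted for a new VTY connection, which is the lockout risk raised in the reply above. The addresses, sequence numbers, entry for a poller and function names are constructed for illustration, and the model assumes the list never becomes empty.

```python
import ipaddress

def permitted(acl, src):
    """First match wins in sequence order; no match hits the implicit deny.
    Model assumption: the list always holds at least one entry."""
    ip = ipaddress.ip_address(src)
    for seq in sorted(acl):
        action, net = acl[seq]
        if ip in ipaddress.ip_network(net):
            return action == "permit"
    return False  # implicit deny at the end of the ACL

def lockout_steps(acl, plan, admin_sources):
    """Return the 1-based plan steps after which none of admin_sources
    would be accepted for a new VTY connection."""
    live = dict(acl)  # work on a copy, never the caller's ACL
    bad = []
    for n, step in enumerate(plan, 1):
        if step[0] == "no":              # ("no", seq): delete that entry
            del live[step[1]]
        else:                            # (seq, action, network): add entry
            seq, action, net = step
            live[seq] = (action, net)
        if not any(permitted(live, s) for s in admin_sources):
            bad.append(n)
    return bad

# Constructed sample: entry 10 is the old NMS, entry 20 a poller nobody logs in from.
ACL = {10: ("permit", "192.0.2.10/32"), 20: ("permit", "192.0.2.53/32")}
ADMIN = ["192.0.2.10", "198.51.100.10"]   # old and new NMS address

# Same end state, different order of the two edits.
REMOVE_FIRST = [("no", 10), (10, "permit", "198.51.100.10/32")]
ADD_FIRST = [(15, "permit", "198.51.100.10/32"), ("no", 10)]

if __name__ == "__main__":
    print("remove-first lockout steps:", lockout_steps(ACL, REMOVE_FIRST, ADMIN))
    print("add-first lockout steps:   ", lockout_steps(ACL, ADD_FIRST, ADMIN))
```

Running a planned change through a check like this before touching the device shows whether any intermediate state leaves only the implicit deny for the hosts you log in from.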
