Access-list for VTY line

msaltunsaray

Hi experts,

I would like to create an access-list and use it for the vty lines. The purpose is to allow SSH traffic only from a specific subnet and host.

 

I have created one as below.

configure terminal
ip access-list extended ABC
permit tcp 10.0.0.0 0.0.0.255
permit tcp 192.168.1.1 0.0.0.0
deny tcp any any

line vty 0 4
access-class ABC

 

Is that correct?

 

Thanks in advance


The syntax of your ACL is not correct for an extended ACL. But if you use a standard ACL and remove the protocol, it should be fine:

ip access-list standard ABC
 permit 10.0.0.0 0.0.0.255
 permit host 192.168.1.1
 deny any
!
line vty 0 4
 access-class ABC in

Hi

In addition to Karsten's comment, the deny line (correcting it as well) may not be required, because there is already an implicit deny in the ACL.

 

:-)

 




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other community members. <<
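An added example, not part of the thread or any poster's code: a small Python audit that reads a configuration in `show running-config` layout, evaluates the standard ACL bound to each vty range with `access-class ... in`, and reports whether a given source address would be admitted, including the implicit deny at the end of the list. The sample configuration, the function names and the second vty range are constructed for illustration; ACL entries are assumed to carry no sequence numbers and the referenced ACL is assumed to be defined in the same file.

```python
import ipaddress
import re

# Constructed sample in "show running-config" layout; vty 5 15 has no access-class.
SAMPLE_CONFIG = """\
ip access-list standard ABC
 permit 10.0.0.0 0.0.0.255
 permit host 192.168.1.1
!
line vty 0 4
 access-class ABC in
line vty 5 15
 transport input ssh
"""

def sections(config, header):
    """Yield (name, stripped sub-command lines) for each top-level `header <name>` block."""
    for m in re.finditer(rf"^{re.escape(header)} (.+)\n?((?:[ ].*\n?)*)", config, re.M):
        yield m.group(1).strip(), [ln.strip() for ln in m.group(2).splitlines()]

def parse_entry(line):
    """'permit 10.0.0.0 0.0.0.255' -> (action, address, wildcard) with integer fields."""
    action, *src = line.split()
    if src[0] == "any":
        return action, 0, 0xFFFFFFFF
    if src[0] == "host":
        src = [src[1]]
    addr, wild = (src + ["0.0.0.0"])[:2]  # a bare address means an exact match
    return action, int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def acl_permits(entries, source_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wild in entries:
        if (ip ^ addr) & ~wild & 0xFFFFFFFF == 0:  # wildcard bits set to 1 are ignored
            return action == "permit"
    return False

def vty_access(config, source_ip):
    """Per vty range: is source_ip admitted? A range with no inbound ACL admits any source."""
    acls = {name: [parse_entry(ln) for ln in body if ln.startswith(("permit ", "deny "))]
            for name, body in sections(config, "ip access-list standard")}
    result = {}
    for rng, body in sections(config, "line vty"):
        applied = [ln.split()[1] for ln in body if re.fullmatch(r"access-class \S+ in", ln)]
        result[rng] = acl_permits(acls[applied[-1]], source_ip) if applied else True
    return result
```

Running `vty_access(SAMPLE_CONFIG, "10.0.1.5")` shows the address rejected on vty 0 4 but admitted on vty 5 15, which is the gap left when the access-class is applied to only some of the vty lines.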