Access-list for VTY line

msaltunsaray · ‎05-17-2018

Hi experts,

I would like to create an access-list and use it for vty line. The purpose is allow ssh traffic for only specific subnet and host.

I have created one as below.

configure terminal

ip access-list extended ABC

permit tcp 10.0.0.0 0.0.0.255

permit tcp 192.168.1.1 0.0.0.0

deny tcp any any

line vty 0 4

access-class ABC

Is that correct?

Thanks in advance

Karsten Iwen · ‎05-17-2018

The syntax of your ACL is not correct for an extended ACL. But if you use a standard ACL and remove the protocol, it should be fine:

ip access-list standard ABC
 permit 10.0.0.0 0.0.0.255
 permit  host 192.168.1.1
 deny any
!
line vty 0 4
 access-class ABC in

Julio E. Moisa · ‎05-17-2018

Hi

Additional to Karsten comment, the deny line (correcting it as well) could not be required, because there is an implicit deny already into the ACL.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<