07-27-2023 08:52 AM
I have a Cisco 9300 switch that, for some reason, I can PuTTY into from one IP scheme and not from another. This was working up until yesterday; I'm not sure what changed, but when I connect from the computer that isn't working I get a refused error when I try to log in.
07-27-2023 09:18 AM
Hi @chueymtz
Can you share the switch config?
Just a comment: when a problem starts like this, apparently for no reason, it would be a good idea to reload the device.
07-28-2023 05:03 AM - last edited on 08-01-2023 04:01 AM by Translator
Olga_WTP_9300#show ru
Building configuration...
Current configuration : 16961 bytes
!
! Last configuration change at 06:44:07 UTC Fri Jul 28 2023 by century
! NVRAM config last updated at 06:44:08 UTC Fri Jul 28 2023 by century
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform punt-keepalive disable-kernel-core
!
hostname O_9300
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret
!
no aaa new-model
clock timezone UTC -5 0
switch 1 provision c9300-48t
!
!
!
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
ip routing
!
ip dhcp excluded-address 10.76.x.1 10.76.x.20
ip dhcp excluded-address 172.16.x.1 172.16.x.50
ip dhcp excluded-address 172.16.x.51 172.16.x.100
ip dhcp excluded-address 172.16.x.101 172.16.x.150
ip dhcp excluded-address 172.16.x.151 172.16.x.169
ip dhcp excluded-address 172.16.6.201 172.16.x.255
ip dhcp excluded-address 10.78.x.x 10.78.x.x
!
ip dhcp pool Controls
network 172.16.x.0 255.255.254.0
dns-server 172.16.x.x 172.16.x.x
default-router 172.16.x.x
lease 0 4
!
ip dhcp pool Admin
network 10.76.x.0 255.255.255.0
default-router 10.76.x.1
dns-server 10.110.x.x 10.110.x.x
lease 0 4
!
ip dhcp pool Voip
network 10.78.x.0 255.255.254.0
bootfile undionly.kpxe
default-router 10.78.x.1
dns-server 10.110.x.x 10.110.x.x
option 150 ip 172.21.x.x 172.21.x.x
lease 0 4
!
ip dhcp pool Wifi
network 192.168.x.0 255.255.255.0
default-router 192.168.x.1
dns-server 8.8.8.8 8.8.4.4
lease 0 4
!
!
!
login on-success log
!
!
!
!
!
!
!
no device-tracking logging theft
!
crypto pki trustpoint TP-self-signed-
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-
revocation-check none
rsakeypair TP-self-signed-
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
!
!
license boot level network-advantage
license smart reservation
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
memory free low-watermark processor 134344
!
username
!
redundancy
mode sso
!
!
!
!
!
transceiver type all
monitoring
!
!
class-map match-any system-cpp-police-ewlc-control
description EWLC Control
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any system-cpp-default
description EWLC Data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual OOB
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-ios-routing
description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
class-map match-any system-cpp-police-ios-feature
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description Management
no ip address
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
description To_Wan_
no switchport
ip address 10.76.x.6 255.255.255.0
speed 100
duplex full
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/5
description Voip Phone
switchport access vlan 500
switchport mode access
switchport voice vlan 500
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/25
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/26
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/27
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/28
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/29
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/30
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/31
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/32
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/33
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/34
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/35
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/36
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/37
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/38
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/39
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/40
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/41
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/42
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/43
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/44
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/45
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/46
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/47
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/48
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/5
!
interface TenGigabitEthernet1/1/6
!
interface TenGigabitEthernet1/1/7
!
interface TenGigabitEthernet1/1/8
!
interface FortyGigabitEthernet1/1/1
!
interface FortyGigabitEthernet1/1/2
!
interface TwentyFiveGigE1/1/1
!
interface TwentyFiveGigE1/1/2
!
interface AppGigabitEthernet1/0/1
!
interface Vlan1
description management
no ip address
!
interface Vlan100
description Admin
ip address 10.76.x.x 255.255.255.0
ip access-group 101 in
!
interface Vlan200
description Controls
ip address 172.16.x.x 255.255.254.0
ip access-group 102 in
!
interface Vlan300
description Wifi
ip address 192.168.x.x 255.255.255.0
ip access-group 101 in
!
interface Vlan400
description Security
no ip address
!
interface Vlan500
description Voip
ip address 10.78.x.x 255.255.255.0
ip access-group 101 in
!
!
router eigrp 99
network 10.76.0.0 0.0.0.255
network 10.76.2.0 0.0.0.255
network 10.76.6.0 0.0.0.255
network 10.76.200.0 0.0.0.255
network 10.78.0.0 0.0.0.255
network 10.78.6.0 0.0.0.255
network 172.16.0.0
network 192.168.6.0
redistribute static metric 1000000 1 100 1 1
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
ip access-list standard 50
10 permit 192.168.0.0 0.0.255.255
20 permit 10.76.0.0 0.0.0.255
30 permit 10.78.0.0 0.0.0.255
ip access-list extended 101
10 deny ip any 172.16.0.0 0.0.255.255
20 permit ip any any
ip access-list extended 102
10 permit ip any 172.16.0.0 0.0.255.255
20 permit ip any 10.243.x.x 0.0.1.255
30 permit ip any 10.233.x.x 0.0.1.255
!
!
snmp-server enable traps config
snmp-server host 172.16x.x version 2c public udp-port 161
!
line con 0
login local
stopbits 1
line vty 0 4
access-class 50 in
privilege level 15
login local
transport input all
line vty 5 15
login
!
ntp server 172.16.x.x prefer
07-28-2023 05:19 AM - last edited on 08-01-2023 04:02 AM by Translator
Hi @chueymtz
Thanks for the config.
You have an ACL applied to the line vty:
access-class 50 in
Which IP address are you connecting from? If the IP or network is not in the access list below, you will be refused.
ip access-list standard 50
10 permit 192.168.0.0 0.0.255.255
20 permit 10.76.0.0 0.0.0.255
30 permit 10.78.0.0 0.0.0.255
ip access-list extended 101
10 deny ip any 172.16.0.0 0.0.255.255
20 permit ip any any
ip access-list extended 102
10 permit ip any 172.16.0.0 0.0.255.255
20 permit ip any 10.243.x.x 0.0.1.255
30 permit ip any 10.233.x.x 0.0.1.255
!
!
07-28-2023 07:05 AM - last edited on 08-01-2023 04:03 AM by Translator
I am connecting from a 10.76.x.x address, which should be allowed per that access list, but it's not going through.
07-28-2023 07:08 AM - last edited on 08-01-2023 04:04 AM by Translator
Just make sure your IP address is 10.76.0.X; as per the mask used on the ACL, only the last octet is allowed to vary.
07-28-2023 07:11 AM - last edited on 08-01-2023 04:04 AM by Translator
The IP I am using is 10.76.6.x. Do I need to add that to the ACL? On my network we change the third octet by site.
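The wildcard-mask behaviour discussed in the replies above, as an added example that is not part of any post in this thread: a small evaluator for the posted ACL 50, using first-match-wins and the implicit deny. The host addresses tested are constructed to fit the redacted ranges in the thread.

```python
import ipaddress

# ACL 50 as posted in the running-config above.
ACL_50 = """\
ip access-list standard 50
 10 permit 192.168.0.0 0.0.255.255
 20 permit 10.76.0.0 0.0.0.255
 30 permit 10.78.0.0 0.0.0.255
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(text):
    """Return [(seq, action, base, wildcard)] from a numbered standard ACL."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[1] not in ("permit", "deny"):
            continue                      # header or unrelated line
        seq, action, addr = int(parts[0]), parts[1], parts[2]
        if addr == "any":
            base, wild = 0, 0xFFFFFFFF
        elif addr == "host":
            base, wild = to_int(parts[3]), 0
        else:                             # address, optional wildcard (default 0.0.0.0)
            has_wild = len(parts) > 3 and parts[3] != "log"
            base, wild = to_int(addr), to_int(parts[3]) if has_wild else 0
        entries.append((seq, action, base, wild))
    return entries

def evaluate(entries, source):
    """First matching entry wins; no match means the implicit deny."""
    src = to_int(source)
    for seq, action, base, wild in entries:
        care = ~wild & 0xFFFFFFFF         # wildcard 0-bits must match exactly
        if (src & care) == (base & care):
            return action, seq
    return "deny", None

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_50)
    for ip in ("10.76.0.25", "10.76.6.25", "10.78.6.25", "192.168.6.25"):  # constructed hosts
        print(ip, evaluate(acl, ip))
```

With wildcard 0.0.0.255 the third octet must equal 0, so a 10.76.6.x source matches no entry and falls through to the implicit deny, while the 192.168 entry with 0.0.255.255 accepts any third octet.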
07-28-2023 05:20 AM - last edited on 08-01-2023 04:07 AM by Translator
line vty 0 4
access-class 50 in
privilege level 15
login local
transport input all
line vty 5 15
login
You have two vty groups: one configured to use the username/password in global, and the other to use the username/password under the vty (there is no username/password).
So do show line and check if there is a user still shown as connected.
What I think happened is that vty 0 4 is still shown as in use and the switch starts to use vty 5 15, which doesn't have a password, and that is why the PuTTY session is rejected.
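A consistency check for the two vty groups described in the post above, as an added example that is not part of any post in this thread: it parses the line section of the posted config and reports vty ranges whose access-class, login or transport settings are missing or differ. The finding texts and function names are this example's own.

```python
import re

# "line" section of the posted running-config, indentation restored.
POSTED = """\
line con 0
 login local
 stopbits 1
line vty 0 4
 access-class 50 in
 privilege level 15
 login local
 transport input all
line vty 5 15
 login
!
"""

def parse_vty(config):
    """Map (first, last) vty range -> list of sub-commands in that stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            current = stanzas.setdefault((first, last), [])
        elif line.startswith("line ") or line in ("", "!"):
            current = None          # another line type or end of stanza
        elif current is not None:
            current.append(line)
    return stanzas

def audit_vty(config):
    """Return (scope, issue) findings for inconsistent or weak vty stanzas."""
    findings, acls = [], set()
    for rng, cmds in sorted(parse_vty(config).items()):
        name = "vty %d %d" % rng
        acl = next((c.split()[1] for c in cmds
                    if re.match(r"access-class \S+ in$", c)), None)
        acls.add(acl)
        if acl is None:
            findings.append((name, "no inbound access-class"))
        if "login" in cmds and not any(c.startswith("password ") for c in cmds):
            findings.append((name, "login set but no line password"))
        if "transport input all" in cmds:
            findings.append((name, "transport input all also accepts Telnet"))
    if len(acls) > 1:
        findings.append(("all vty", "ranges differ in access-class"))
    return findings
```

Calling `audit_vty(POSTED)` flags vty 5 15 for having neither an access-class nor a usable login method, which is the mismatch the post points out.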
07-28-2023 07:09 AM - last edited on 08-01-2023 04:08 AM by Translator
I see that now. Would I be able to copy the same login to the vty 5 15 line? Ex.:
access-class 50 in
privilege level 15
login local
transport input all
line vty 5 15
login local
07-28-2023 07:12 AM - last edited on 08-01-2023 04:12 AM by Translator
Sure you can.
Also, what @Flavio Miranda raised about the ACL must be double-checked.
To check whether the ACL drops traffic, add
deny ip any any log
to access list 50 and check again.
07-28-2023 07:32 AM
that worked, thanks everyone.
07-28-2023 07:37 AM
You are so so welcome
Have a nice summer
MHM
07-27-2023 09:25 AM - last edited on 08-01-2023 04:09 AM by Translator
If you use a default route, check if no ip routing.
If you use a default gateway, check ip routing.