12-30-2015 11:50 AM - edited 03-05-2019 03:02 AM
I thought I had IP restrictions set to my 3750G Cisco switch to my single IP, but I just accessed it from another IP and was able to get in. Not sure what's configured wrong here.
Cisco3750#show ip access-list
Extended IP access list Manage-SSH
10 permit tcp host xx.xxx.158.114 host 0.0.0.0 eq 22
Cisco3750# show running-config ip access-list extended Manage-SSH
permit tcp host xx.xxx.158.114 host 0.0.0.0 eq 22
!
I want to update the IP and make sure it's truly restricted to one single IP. Any ideas?
12-30-2015 02:53 PM
Hi,
You just need an access-list that allows your host, and then apply the access-list to the vty lines:
access-list 1 permit host x.x.x.x
line vty 0 4
access-class 1 in
Thanks
John
12-30-2015 06:24 PM
Thank you but how do I restrict access to the switch via SSH to only my IP address? I was able to access from another IP before despite the access list (I posted in my OP).
12-30-2015 06:31 PM
Hi,
In your switch configuration, what access-list have you applied to line vty 0 4?
Thanks
John
12-30-2015 07:56 PM
Thanks I think I got it. Just curious, though I still see my IP under "Extended IP access list Manage-SSH". What is this feature and how do I clear it? Cisco's documents are overwhelming sometimes. So in the end, I want to restrict complete access to the switch to one (or two) IPs, mine and deny any other access attempts not from my IPs.
12-30-2015 08:54 PM
Where is access-list Manage-SSH applied? You can still use access-list Manage-SSH to control traffic to your switch but this depends on where the access-list is applied.
You can delete entries in access-list Manage-SSH as follows:
ip access-list extended Manage-SSH
no permit tcp host xx.xxx.158.114 host 0.0.0.0 eq 22
Thanks
John
05-24-2016 12:43 PM
Hey I'm going out of the country for a few days and need to be able to access my Cisco switch from any IP. How do I enable any IP access? Right now I have the following. Thank you.
Cisco3750#show ip access-list
Standard IP access list 1
10 permit xxx.xxx.200.254
20 permit xxx.xxx.198.134
Extended IP access list 115
10 permit tcp host xxx.xxx.33.6 host 0.0.0.0 eq 22
Extended IP access list Manage-SSH
10 permit tcp host xxx.xxx.198.134 host 0.0.0.0 eq 22 (18 matches)
20 permit tcp host xxx.xxx.33.6 host 0.0.0.0 eq 22 (2 matches)
12-30-2015 08:57 PM
Hello,
There are two ways to limit SSH connections.
1- The way you are trying to do it.
ip access-list extended Manage-SSH
permit tcp host [Remote IP,(yours)] host [switch IP] eq 22
deny tcp any any eq 22
You need to apply it in the IN direction:
interface vlan X
ip access-group Manage-SSH in
2- John mentioned it. By using access-class under line vty
Hope it helps,
Masoud