12-30-2015 11:50 AM - edited 03-05-2019 03:02 AM
I thought I had IP restrictions set to my 3750G Cisco switch to my single IP, but I just accessed it from another IP and was able to get in. Not sure what's configured wrong here.
Cisco3750#show ip access-list
Extended IP access list Manage-SSH
10 permit tcp host xx.xxx.158.114 host 0.0.0.0 eq 22
Cisco3750# show running-config ip access-list extended Manage-SSH
permit tcp host xx.xxx.158.114 host 0.0.0.0 eq 22
!
I want to update the IP and make sure it's truly restricted to one single IP. Any ideas?
12-30-2015 02:53 PM
Hi,
You just need an access-list that allows your host, and then apply the access-list to the vty lines:
access-list 1 permit host x.x.x.x
line vty 0 4
access-class 1 in
Thanks
John
12-30-2015 06:24 PM
Thank you but how do I restrict access to the switch via SSH to only my IP address? I was able to access from another IP before despite the access list (I posted in my OP).
12-30-2015 06:31 PM
Hi,
In your switch configuration, what access-list have you applied to line vty 0 4?
Thanks
John
12-30-2015 07:56 PM
Thanks, I think I got it. Just curious, though: I still see my IP under "Extended IP access list Manage-SSH". What is this feature and how do I clear it? Cisco's documents are overwhelming sometimes. So in the end, I want to restrict complete access to the switch to one (or two) IPs, mine, and deny any other access attempts not from my IPs.
12-30-2015 08:54 PM
Where is access-list Manage-SSH applied? You can still use access-list Manage-SSH to control traffic to your switch but this depends on where the access-list is applied.
You can delete entries in access-list Manage-SSH as follows:
ip access-list extended Manage-SSH
no permit tcp host xx.xxx.158.114 host 0.0.0.0 eq 22
Thanks
John
05-24-2016 12:43 PM
Hey I'm going out of the country for a few days and need to be able to access my Cisco switch from any IP. How do I enable any IP access? Right now I have the following. Thank you.
Cisco3750#show ip access-list
Standard IP access list 1
10 permit xxx.xxx.200.254
20 permit xxx.xxx.198.134
Extended IP access list 115
10 permit tcp host xxx.xxx.33.6 host 0.0.0.0 eq 22
Extended IP access list Manage-SSH
10 permit tcp host xxx.xxx.198.134 host 0.0.0.0 eq 22 (18 matches)
20 permit tcp host xxx.xxx.33.6 host 0.0.0.0 eq 22 (2 matches)
12-30-2015 08:57 PM
Hello,
There are two ways to limit SSH connections.
1- The way you are trying to do it.
ip access-list extended Manage-SSH
permit tcp host [Remote IP,(yours)] host [switch IP] eq 22
deny tcp any any eq 22
You need to apply it in the IN direction:
interface vlan X
ip access-group Manage-SSH in
2- John mentioned it: by using access-class under line vty.
Hope it helps,
Masoud
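The problem in this thread is an ACL that is defined but not applied to anything, so it filters nothing. The following Python check is an added example, not code from any poster or from Cisco: it reads a saved running-config and reports ACLs with no `access-class` or `ip access-group` reference, plus vty line ranges with no inbound `access-class`. The function name `audit_acl_usage` and the sample config (with documentation-range addresses) are constructed for illustration.

```python
import re

# Constructed sample running-config (documentation addresses): Manage-SSH is
# defined but never applied, as in the original question; vty 5-15 has no ACL.
SAMPLE_CONFIG = """\
ip access-list extended Manage-SSH
 permit tcp host 192.0.2.10 host 0.0.0.0 eq 22
!
access-list 1 permit host 192.0.2.10
!
interface Vlan1
 ip address 198.51.100.2 255.255.255.0
!
line vty 0 4
 access-class 1 in
 transport input ssh
line vty 5 15
 transport input ssh
"""

def audit_acl_usage(config):
    """Return (ACLs defined but not applied, vty ranges with no access-class in)."""
    # Assumes sub-commands are indented; only access-class / ip access-group count.
    defined, applied, open_vty = set(), set(), []
    vty = None  # [range, has_inbound_acl] for the vty block being read
    for raw in config.splitlines() + ["!"]:  # sentinel closes a trailing block
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command ends any vty block
            if vty and not vty[1]:
                open_vty.append(vty[0])
            m = re.match(r"line (vty \d+(?: \d+)?)$", line)
            vty = [m.group(1), False] if m else None
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            defined.add(m.group(1))
        elif m := re.match(r"access-list (\d+) ", line):
            defined.add(m.group(1))
        elif m := re.match(r"access-class (\S+) in\b", line):
            applied.add(m.group(1))
            if vty:
                vty[1] = True
        elif m := re.match(r"ip access-group (\S+) (?:in|out)\b", line):
            applied.add(m.group(1))
    return sorted(defined - applied), open_vty

if __name__ == "__main__":
    unapplied, open_lines = audit_acl_usage(SAMPLE_CONFIG)
    print("ACLs defined but not applied:", unapplied)
    print("vty lines without access-class in:", open_lines)
```
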