Solved: Troubleshooting ACL SSH

Alex Vector · ‎08-19-2020

Hello!

I don't understand this common error with configuring ACL

So R2 have extended access list configured on interface e0/0 (inbound)

R2# show access-lists 150
Extended IP access list 150
10 deny tcp any host 13.1.1.1 eq 22
20 permit ip any any

But host 37.1.11.10 can use ssh to connect.

Do I have to configure this ACL on R1 (interface e0/0, inbound)?

Georg Pauwen · ‎08-19-2020

Hello,

stupid question maybe, but does access list 150 actually exist on R1 ? The output shows the access list on R2, make sure that if you apply it on R1, it is also configured on R1. Or apply it inbound on e0/0 of R2. Both should work.

View solution in original post

chesterr · ‎08-19-2020

Show configuration of interface e0/0 R2.

Georg Pauwen · ‎08-19-2020

Hello,

stupid question maybe, but does access list 150 actually exist on R1 ? The output shows the access list on R2, make sure that if you apply it on R1, it is also configured on R1. Or apply it inbound on e0/0 of R2. Both should work.

balaji.bandi · ‎08-19-2020

Simple ACL should restrict here for your purpose :

On R2

access-list 1 permit host x.x.x.x ( you want to permit) - rest automatically deny.

line vty 0 4

access-class 1 in

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Joseph W. Doherty · ‎08-19-2020

This is on "real" equipment, correct?

What you're doing appears that it should be okay, but as already asked by Chesterr, would like to see config of R2's e0/0.

balaji.bandi · ‎08-19-2020

by looking at the diagram this is not real, this eve-ng/pnet IOL

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help