VTY - Access Lists

Hi all,

 

Hope to find everyone well.

I'm trying to implement an access list on the VTY lines to restrict access to only a certain range of IP addresses, but every time I create the access list and apply it using the access-class command, I end up locking myself out, and not even the IP addresses that I configured have access.

I'm doing the following config.

ip access-list standard SWITCH_ACCESS
  permit ip 10.1.0.0 0.0.128.255
  deny any

 

Then on the VTY lines:

access-class SWITCH_ACCESS in 

 

By doing this, the switch automatically blocks all the IP addresses from accessing the switch, and I can't understand why.

 

Any guesses please?

 

Thank you

Accepted Solution

There is a syntax error in the ACL which results in an empty "deny any" ACL. Likely you want this ACL:

ip access-list standard SWITCH_ACCESS
  permit 10.1.0.0 0.0.127.255
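
The effect described in the answer, as an added example that is not code from the thread: a small Python model of standard-ACL evaluation with wildcard masks and the implicit deny. It assumes, as the answer states, that the `permit ip ...` line is rejected so only `deny any` is installed; the function names and sample source addresses are constructed for illustration.

```python
import ipaddress

def wildcard_match(src, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)

def parse_standard_acl(lines):
    """Accept 'permit|deny any' and 'permit|deny <addr> <wildcard>'.
    Anything else is rejected (assumption: models a CLI refusing the line)."""
    entries, rejected = [], []
    for line in lines:
        tok = line.split()
        try:
            if len(tok) == 2 and tok[0] in ("permit", "deny") and tok[1] == "any":
                entries.append((tok[0], "0.0.0.0", "255.255.255.255"))
            elif len(tok) == 3 and tok[0] in ("permit", "deny"):
                ipaddress.IPv4Address(tok[1])  # raises ValueError if not an address
                ipaddress.IPv4Address(tok[2])
                entries.append((tok[0], tok[1], tok[2]))
            else:
                rejected.append(line)
        except ValueError:
            rejected.append(line)
    return entries, rejected

def evaluate(entries, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in entries:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

POSTED = ["permit ip 10.1.0.0 0.0.128.255", "deny any"]  # as in the question
FIXED = ["permit 10.1.0.0 0.0.127.255"]                  # as in the answer
# Constructed sample source addresses for the VTY check.
SAMPLES = ["10.1.0.10", "10.1.64.5", "10.1.127.254", "10.1.128.1", "10.2.0.1"]

def verdicts(lines):
    entries, _ = parse_standard_acl(lines)
    return {ip: evaluate(entries, ip) for ip in SAMPLES}

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("fixed", FIXED)):
        print(name, "rejected:", parse_standard_acl(acl)[1], verdicts(acl))
    # What the 0.0.128.255 wildcard would cover without the 'ip' keyword:
    print({ip: wildcard_match(ip, "10.1.0.0", "0.0.128.255") for ip in SAMPLES})
```

The last line shows that 0.0.128.255 ignores only the top bit of the third octet, so it would match 10.1.0.x and 10.1.128.x but not 10.1.64.x, while 0.0.127.255 covers 10.1.0.0 through 10.1.127.255.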


Thank you very much Karsten, all working now

 

cmarva
Level 4

In addition to Karsten's response, if this device has a VRF-aware mgmt interface, and that is what you are using, you will also need to include vrf-also in your access-class statement.
