Using Named ACLs for VTY access
Posted on April 02, 2014
Tagged as: cisco, networking
Cisco IOS allows extended and named access lists to be used for filtering access to the VTY lines. However, specifying destination addresses is still unsupported (i.e., you cannot limit VTY access to particular management IP addresses on the device itself); the destination portion of each ACL entry needs to be set to ‘any’.
Example named ACL that limits VTY access over SSH to specific source subnets. The explicit deny entry with the log keyword also lets us log rejected connection attempts:
! Named extended ACL: only the source can be filtered, so the destination is 'any'
ip access-list extended vty.access
 permit tcp 10.10.250.0 0.0.0.255 any eq ssh
 deny tcp any any log
! Apply the ACL inbound on the VTY lines
line vty 0 4
 access-class vty.access in
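As an added example (not part of the original post), a small Python checker that parses extended ACL entries of this form and audits them against the constraints above: destination `any`, permits limited to tcp/ssh, and `log` on every deny. It also evaluates a source address against the ACL with first-match semantics. The sample configs, including the `vty.bad` name, are constructed for the example.

```python
import re
from ipaddress import IPv4Address, IPv4Network
# Constructed samples: the ACL from the post, and one that breaks its rules.
GOOD_ACL = """\
ip access-list extended vty.access
 permit tcp 10.10.250.0 0.0.0.255 any eq ssh
 deny tcp any any log
"""
BAD_ACL = """\
ip access-list extended vty.bad
 permit tcp 10.10.250.0 0.0.0.255 host 192.0.2.1 eq ssh
 deny tcp any any
"""
ENTRY_RE = re.compile(                 # one extended ACL entry line
    r"^\s*(permit|deny)\s+(\S+)\s+"
    r"(any|host\s+\S+|\S+\s+\S+)\s+"   # source: any | host A.B.C.D | address wildcard
    r"(any|host\s+\S+|\S+\s+\S+)"      # destination, same forms
    r"(?:\s+eq\s+(\S+))?(?:\s+(log))?\s*$"
)
def parse_entries(config_text):
    """Return (action, proto, src, dst, port, log) for each ACL entry line."""
    return [m.groups() for m in map(ENTRY_RE.match, config_text.splitlines()) if m]

def to_network(spec):
    """IOS address spec -> IPv4Network; a wildcard is an inverted netmask, 'host' is /32."""
    if spec == "any":
        return IPv4Network("0.0.0.0/0")
    words = spec.split()
    addr, wildcard = (words[1], "0.0.0.0") if words[0] == "host" else words
    netmask = IPv4Address(0xFFFFFFFF ^ int(IPv4Address(wildcard)))
    return IPv4Network((addr, str(netmask)), strict=False)

def audit_vty_acl(config_text):
    """List deviations from the VTY access-class rules described in the post."""
    findings = []
    for action, proto, _, dst, port, log in parse_entries(config_text):
        if dst != "any":
            findings.append(f"destination '{dst}' is not honoured by access-class; use 'any'")
        if action == "permit" and (proto != "tcp" or port not in ("ssh", "22")):
            findings.append(f"permit is wider than tcp/ssh: {proto} eq {port or 'any'}")
        if action == "deny" and log is None:
            findings.append("deny without 'log': rejected attempts are not recorded")
    return findings

def is_permitted_source(config_text, ip):
    """First match wins; falling off the end is the implicit deny."""
    for action, _, src, _, _, _ in parse_entries(config_text):
        if IPv4Address(ip) in to_network(src):
            return action == "permit"
    return False
```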