Allowing SSH only from trusted subnets

I need to set up some extended ACLs to only allow SSH from trusted subnets. This is what I have come up with so far:

ip access-list extended allowSSH
access-list 100 allow ip x.x.210.0 0.0.1.255 any log
access-list 105 allow ip x.x.144.0 0.0.1.255 any log
access-list 110 allow ip x.x.44.0 0.0.1.255 any log
access-list 115 allow ip x.x.224.0 0.0.1.255 any log
access-list 120 deny ip any any log
exit

line vty 0 4
access-class allowSSH in
transport input ssh
exec-timeout 9 0

In general, is this a correct way to go about it? There are many more subnets that are to be denied SSH access, so I went the allow route. Suggestions, comments?

Thanks Lovejoy



Agreed 'allow route' is better.

I think you may be able to accomplish this with a standard access control list when used in conjunction with the access-class command.

Regards

Reply to
jrguent
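
The standard-ACL approach suggested in the reply above, written out as an added example that is not part of the original posts. The x.x prefixes are the poster's own redactions and the ACL name ALLOW-SSH is an assumption; IOS uses the keyword permit, and entries of a named ACL are entered directly under the ip access-list line.

```cisco
! Added example. ALLOW-SSH is a hypothetical name; x.x.* are the redacted
! prefixes from the question and must be replaced with the real networks.
!
! access-class on a vty line matches only the SOURCE address of the incoming
! session, so a standard ACL is sufficient: the destination is the device
! itself and "transport input ssh" already limits the protocol.
ip access-list standard ALLOW-SSH
 ! Wildcard 0.0.1.255 matches a /23: the listed /24 and the next one
 ! (x.x.210.0 through x.x.211.255, and so on).
 permit x.x.210.0 0.0.1.255 log
 permit x.x.144.0 0.0.1.255 log
 permit x.x.44.0 0.0.1.255 log
 permit x.x.224.0 0.0.1.255 log
 ! The implicit deny would drop everything else silently; the explicit
 ! entry is there so rejected attempts are logged.
 deny any log
!
line vty 0 4
 access-class ALLOW-SSH in
 transport input ssh
 exec-timeout 9 0
!
! Caveat: if the device has further vty lines (for example 5 15), apply the
! same access-class and transport settings there, otherwise those lines
! accept sessions from any source.
!
! Check the result and the per-entry hit counters:
!   show access-lists ALLOW-SSH
```

Test from an address inside and outside the permitted ranges while keeping an existing session or console access open, so that a mistake in the ACL does not lock you out.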

Thanks for the response. I will give it a try.

Thanks Lovejoy

