I believe the standard ACL should be enough since your already specifying transport input ssh on line vty 0 4.
Just my $0.02 Jablonski, Michael wrote: > > I'm having a bit of trouble with extended access-lists for vty > access. > Basically I'd like to setup an extended access list that only > allows ssh > access from certain IPs, but after creating the list and > applying it to the > VTY I lose access. But if I use a standard acl only allowing > certain IPs it > works fine... > > ip access-list extended local_shell > permit tcp host 192.168.1.2 host 192.168.1.1 eq 22 > > vty 0 4 > access-class local_shell in > transport input ssh > > Is the standard enough & is the above over-kill? > > Thanx, > mkj > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72991&t=72990 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]