To limit access to the management of the Cisco Catalyst 6500, first we make an access-list with IP addresses from which we will later allow us to connect to the device via SNMP, telnet, etc.:
access-list 10 permit 192.168.0.100
access-list 10 permit 192.168.20.110
You can view the lists with the commands:
show access-list
show ip access-lists
An example of the use of these access-lists for telnet (let’s go to the desired vty and indicate that accept incoming connections only from the tenth access-list):
line vty 0 4
access-class 10 in
As a result, who is not specified in the tenth access-list when connecting to telnet will not see anything, the connection will be disconnected.
For SNMP, when adding community at the end of the line, you just need to specify the access-list number, for example:
snmp-server community public RO 10
For HTTP, specify this:
ip http access-class 10
You can cancel it like this:
no ip http access-class 10
See also my article:
Configuring Cisco Catalyst 6509-E