Cisco Catalyst 6500 Management Access Restriction

To restrict management access to the Cisco Catalyst 6500, first create an access-list containing the IP addresses that will be allowed to connect to the device via SNMP, telnet, etc.:

access-list 10 permit 192.168.0.100
access-list 10 permit 192.168.20.110

You can view the lists with the commands:

show access-list
show ip access-lists

An example of applying this access-list to telnet (enter the desired vty lines and specify that incoming connections are accepted only from addresses in access-list 10):

line vty 0 4
access-class 10 in

As a result, anyone not listed in access-list 10 will see nothing when connecting via telnet; the connection will be dropped.

For SNMP, when adding a community, just specify the access-list number at the end of the line, for example:

snmp-server community public RO 10

For HTTP, specify this:

ip http access-class 10

You can cancel it like this:

no ip http access-class 10
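
A small audit for the three settings above, as an added example that is not part of the original article: it reads a saved running-config and reports SNMP communities, the HTTP server and vty lines that have no access-list attached, or that reference a number no access-list line defines. The function name, the sample config and the restriction to numbered ACLs in "show running-config" layout are assumptions of this example.

```python
import re

# Constructed sample in "show running-config" layout (sub-commands indented).
SAMPLE_CONFIG = """\
access-list 10 permit 192.168.0.100
access-list 10 permit 192.168.20.110
snmp-server community public RO 10
snmp-server community private RW
ip http server
line vty 0 4
 access-class 10 in
line vty 5 15
 access-class 20 in
"""

def audit_mgmt_acl(config):
    """Return findings for management services not tied to a defined numbered ACL."""
    findings, used = [], []
    defined = set(re.findall(r"^access-list (\d+) ", config, re.M))
    # SNMP: the ACL number, if any, follows the community string and RO/RW.
    for line in re.findall(r"^snmp-server community .+$", config, re.M):
        tok = line.split()
        acl = next((t for t in tok[3:] if t.isdigit()), None)
        if acl:
            used.append((f"snmp community {tok[2]}", acl))
        else:
            findings.append(f"snmp community {tok[2]}: no access-list")
    # HTTP: only relevant when the web server is enabled.
    if re.search(r"^ip http (secure-)?server\s*$", config, re.M):
        m = re.search(r"^ip http access-class (\d+)", config, re.M)
        if m:
            used.append(("http", m.group(1)))
        else:
            findings.append("http: no access-class")
    # VTY: every "line vty" block needs its own inbound access-class.
    for name, body in re.findall(r"^(line vty [\d ]+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        m = re.search(r"^\s+access-class (\d+) in", body, re.M)
        if m:
            used.append((name.strip(), m.group(1)))
        else:
            findings.append(f"{name.strip()}: no access-class in")
    # A reference to a number that no access-list line defines is reported too.
    findings += [f"{svc}: access-list {acl} is not defined" for svc, acl in used if acl not in defined]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_mgmt_acl(SAMPLE_CONFIG)))
```

On the constructed sample it flags the SNMP community with no ACL, the HTTP server with no access-class, and the second vty range, whose access-class points at a list that is never defined.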

See also my article:
Configuring Cisco Catalyst 6509-E
