Summary:

 

Prevent users outside the 10.0.0.0/8 network from managing (via telnet or SSH) any device inside your corporate
network. Test your configuration from R1 using a source interface of S0/0

 

R2.

ip access-list standard LIMIT_TELNET
 permit 10.0.0.0 0.255.255.255

 deny any !-------------------------------there is an implicit deny at each ACL, but putting this line here so you can see hitcounts

line vty 0 4
 access-class LIMIT_TELNET in !--- access-class is used for telnet and ssh acl, and you want to configure this inbound not

                                                     !----outbound or it will affect all outbound telnet and ssh sessions
 

#Test:

 

R1, R3, S1, S2, S3,

ip access-list standard LIMIT_TELNET
 permit 10.0.0.0 0.255.255.255
 deny any

line vty 0 4
 access-class LIMIT_TELNET in

 

-Yu