Summary:
Prevent users outside the 10.0.0.0/8 network from managing (via telnet or SSH) any device inside your corporate
network. Test your configuration from R1 using a source interface of S0/0
R2.
ip access-list standard LIMIT_TELNET
permit 10.0.0.0 0.255.255.255
deny any !-------------------------------there is an implicit deny at each ACL, but putting this line here so you can see hitcounts
line vty 0 4
access-class LIMIT_TELNET in !--- access-class is used for telnet and ssh acl, and you want to configure this inbound not
!----outbound or it will affect all outbound telnet and ssh sessions
#Test:
R1, R3, S1, S2, S3,
ip access-list standard LIMIT_TELNET
permit 10.0.0.0 0.255.255.255
deny any
line vty 0 4
access-class LIMIT_TELNET in
-Yu