Hi, I have an S3048 running Dell IOS firmware 9.10. I would like to restrict access for telnet and ssh to the switch, but I'm having trouble getting this to work. So what I have is:
ip access-list extended telssh
seq 10 permit 22 192.168.5.0/24 host 192.168.5.1
seq 11 permit 23 192.168.5.0/24 host 192.168.5.1
seq 12 permit 22 192.168.5.0/24 host 10.0.200.1
seq 13 permit 23 192.168.5.0/24 host 10.0.200.1
seq 20 deny 22 any 192.168.5.1/24
seq 21 deny 23 any 192.168.5.1/24
seq 22 deny 22 any 10.0.200.1/24
seq 23 deny 23 any 10.0.200.1/24
seq 100 permit ip any any
I've applied this access policy to three interfaces - 2 vlan ones and 1 real interface - via the 'ip access-group' command; however, it's still possible to get ssh and telnet access from any network. The switch management ip is the 192.168.5.1 address and the 10.0.200.1 address is on an interface port. I'd like to restrict access for telnet and ssh from pretty much everything except the management port and designated ip addresses that would be arriving inbound via the port with address 10.0.200.1. If I take the seq 100 permit ip any any out of the access rule then this blocks ALL traffic from these ports; if I put it back then traffic flows again but so does telnet and ssh. Is what I would like to do possible, and can somebody point me as to where I'm going wrong?
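
An added example, not part of the original post: a small first-match evaluator run over the ACL exactly as posted, showing why both observed behaviours follow from it. It assumes the field after permit/deny is read as an IP protocol (a keyword or a protocol number 0-255), so a bare 22 or 23 is never a TCP port; the source address 172.16.9.9 is a constructed sample.

```python
import ipaddress

# The ACL exactly as posted in the question (copied, not corrected).
POSTED_ACL = """\
seq 10 permit 22 192.168.5.0/24 host 192.168.5.1
seq 11 permit 23 192.168.5.0/24 host 192.168.5.1
seq 12 permit 22 192.168.5.0/24 host 10.0.200.1
seq 13 permit 23 192.168.5.0/24 host 10.0.200.1
seq 20 deny 22 any 192.168.5.1/24
seq 21 deny 23 any 192.168.5.1/24
seq 22 deny 22 any 10.0.200.1/24
seq 23 deny 23 any 10.0.200.1/24
seq 100 permit ip any any
"""
NAMES = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}  # keyword -> protocol number

def _net(tokens):
    """Consume one address spec ('any', 'host A' or 'A/len') from the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(tok, strict=False)

def parse(acl_text):
    """Return rules as (seq, action, protocol, source, destination), ordered by seq."""
    rules = []
    for line in acl_text.splitlines():
        t = line.split()
        # Assumed reading: a bare number here is an IP protocol number, not a port.
        proto = NAMES[t[3]] if t[3] in NAMES else int(t[3])
        rest = t[4:]
        rules.append((int(t[1]), t[2], proto, _net(rest), _net(rest)))
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, proto, src, dst):
    """First match wins; falling off the end is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, rproto, rsrc, rdst in rules:
        if rproto in (None, proto) and s in rsrc and d in rdst:
            return action, seq
    return "deny", None

RULES = parse(POSTED_ACL)
# SSH and telnet are TCP (protocol 6); no posted rule has a port qualifier to compare.
print("with seq 100:   ", evaluate(RULES, 6, "172.16.9.9", "192.168.5.1"))
print("without seq 100:", evaluate(RULES[:-1], 6, "172.16.9.9", "192.168.5.1"))
```

Under that reading, seq 10 to 23 only ever match IP protocols 22 and 23, so a TCP session to the switch is decided by seq 100 or by the implicit deny. Matching SSH or telnet would need the protocol given as tcp with the port as a qualifier, which none of the posted lines do.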