I'm probably having a brain fart, but for whatever reason this access-list isn't working. I'm trying to lock down SSH access to a host and allow all other traffic.
IOS-XE ASR903 "bootflash:asr900rsp3-universalk9_npe.16.09.01a.SPA.bin"
ip access-list extended RESTRICT_SSH_LOGIN
 permit tcp host 10.0.0.20 host 172.16.0.100 eq 22
 deny tcp any host 172.16.0.100 eq 22
 permit ip any any
interface BDI100
 ip address 172.16.0.1 255.255.255.0
 ip access-group RESTRICT_SSH_LOGIN in
This is the only ACL on this interface, and it seems the ACL isn't having any effect. Other hosts in 10.0.0.0/24 are still able to SSH to 172.16.0.100.
sh ip access-lists isn't showing any matches.
Any ideas?