The access-class Command

This article covers the access-class command. The previous article discussed ACL statistics.

You can improve the security of administrative lines by restricting VTY access. Restricting VTY access is a technique that allows you to define which IP addresses are allowed remote access to the router EXEC process.

You can specify which IP addresses are allowed remote access to your router with an ACL and an access-class statement configured on your VTY lines. Use this technique with SSH to further improve administrative access security.

The access-class command configured in line configuration mode restricts incoming and outgoing connections between a particular VTY (into a Cisco device) and the addresses in an access list.

The command syntax of the access-class command is:

Router(config-line)# access-class access-list-number { in [ vrf-also ] | out }

The parameter in restricts incoming connections between the addresses in the access list and the Cisco device, while the parameter out restricts outgoing connections between a particular Cisco device and the addresses in the access list.

The following should be considered when configuring access lists on VTYs:

  • Both named and numbered access lists can be applied to VTYs.
  • Identical restrictions should be set on all the VTYs, because a user can attempt to connect to any of them.
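
As an added example (not part of the original article), the Python script below audits a saved running-config for the two points above: every VTY block carries an inbound access-class, and all blocks reference the same access list. The sample configuration, ACL number 10 and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt for illustration (not from the article).
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
line con 0
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input ssh
!
"""

VTY_RE = re.compile(r"^line vty \d+(?: \d+)?\s*$")
# Matches numbered or named ACLs applied inbound, with optional vrf-also.
CLASS_RE = re.compile(r"^\s+access-class (\S+) in(?: vrf-also)?\s*$")

def vty_inbound_acls(config):
    """Map each 'line vty' block header to its inbound ACL (None if absent)."""
    acls, block = {}, None
    for line in config.splitlines():
        if VTY_RE.match(line):
            block = line.strip()
            acls[block] = None
        elif not line.startswith(" "):
            block = None  # any other top-level line closes the vty block
        elif block and (m := CLASS_RE.match(line)):
            acls[block] = m.group(1)
    return acls

def audit(config):
    """Flag VTY blocks with no inbound access-class, or with differing ACLs."""
    acls = vty_inbound_acls(config)
    findings = [f"{b}: no inbound access-class" for b, a in acls.items() if a is None]
    if len({a for a in acls.values() if a}) > 1:
        findings.append("VTY blocks reference different inbound ACLs")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "all VTY lines restricted")
```

In the sample, VTYs 5 through 15 have no inbound access-class, so a connection that lands on one of them bypasses the restriction applied to VTYs 0 through 4.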

Access lists apply to packets that travel through a router. They are not designed to block packets that originate within the router. By default, an outbound ACL does not prevent remote access connections initiated from the router.
