A guide to securing SSH management access

Using an ACL to Control Access to a Cisco Switch.

First, connect to the switch using a console cable or Telnet to reach the switch’s command line interface (CLI). You may also need credentials to access the switch if they have been configured.

Enter privileged EXEC mode: once connected, type the following command and provide the enable password if one has been configured.

Switch> enable

Enter global configuration mode:

Switch# configure terminal

Now let’s create an access list that defines the allowed IP address or addresses. On Cisco IOS a named access list is created with the ‘ip access-list’ command, which opens a sub-mode where the individual entries are added. The following example creates an extended access list named “ACL-IN” that permits traffic from a specific IP address (192.168.1.100):

Switch(config)# ip access-list extended ACL-IN
Switch(config-ext-nacl)# permit ip host 192.168.1.100 any
Switch(config-ext-nacl)# exit

You can modify the IP address or subnet to meet your requirements. The ‘any’ keyword matches any destination IP address.

Now let’s apply the access list to the management interface. To secure the switch, we need to apply the access list to a management interface, such as the VTY lines used for remote management. Use the following commands to apply the ACL to the VTY lines.

Switch(config)# line vty 0 15
Switch(config-line)# access-class ACL-IN in

This configuration applies the access list “ACL-IN” to incoming connections on the VTY lines. Because every access list ends with an implicit deny, test the change from an allowed host in a second session before closing the one you are working in.

To finish up, let’s save the configuration. Return to privileged EXEC mode and use ‘write’, ‘wr’ or ‘copy running-config startup-config’.

Switch(config-line)# end
Switch# write
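Once the change is saved, the same settings are worth verifying across every switch you manage. The following Python script is an added example, not part of the original guide: it audits an exported running-config and reports any VTY line block that lacks an inbound access-class, references an ACL that is not defined, or still accepts Telnet. The sample configs embedded in it are constructed for illustration.

```python
"""Audit Cisco IOS running-configs for VTY management-plane restrictions."""
import re

# Constructed samples: one unrestricted VTY block, one matching this guide.
WEAK_CONFIG = """
line vty 0 15
 transport input telnet ssh
"""

HARDENED_CONFIG = """
ip access-list extended ACL-IN
 permit ip host 192.168.1.100 any
 deny ip any any log
line vty 0 15
 access-class ACL-IN in
 transport input ssh
"""


def parse_blocks(config):
    """Group indented child lines under their parent line (e.g. 'line vty 0 15')."""
    blocks, parent = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and parent is not None:
            blocks[parent].append(raw.strip())
        elif not raw.startswith(" "):
            parent = raw.strip()
            blocks.setdefault(parent, [])
    return blocks


def audit_vty(config):
    """Return a list of findings; an empty list means every VTY block passes."""
    blocks = parse_blocks(config)
    acls = set()
    for parent in blocks:  # named ACLs and legacy numbered ACLs
        m = re.match(r"ip access-list (?:standard|extended) (\S+)$", parent)
        n = re.match(r"access-list (\d+) ", parent)
        acls.add(m.group(1) if m else n.group(1) if n else None)
    findings = []
    vty_blocks = {k: v for k, v in blocks.items() if k.startswith("line vty")}
    if not vty_blocks:
        findings.append("no 'line vty' section found")
    for name, children in vty_blocks.items():
        applied = [c for c in children if re.match(r"access-class \S+ in$", c)]
        if not applied:
            findings.append(f"{name}: no inbound access-class applied")
        elif applied[0].split()[1] not in acls:
            findings.append(f"{name}: access-class references undefined ACL {applied[0].split()[1]}")
        transport = next((c for c in children if c.startswith("transport input")), None)
        if transport != "transport input ssh":
            findings.append(f"{name}: transport input is '{transport}', expected 'ssh'")
    return findings
```

Feed it the output of ‘show running-config’ from each device; an empty result means the VTY lines are restricted to the ACL and to SSH.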

We have created an access list and applied it to the management interface of the switch. Remember to replace the IP address (192.168.1.100) with the IP address or subnet that should have Telnet or SSH access, as all other IP addresses will be denied. Thanks again for visiting Unreal-Labs, and make sure to check back soon as our content is always updating.