ACL applied to interface 2/3
On interface 2/3, SSH traffic is permitted only from host 192.168.2.2 (SSH from any other source is denied); all other IP traffic from any host or network is accepted on interface 2/3.
!
context test
!
no ip domain-lookup
!
interface 2/2
ip address 192.168.1.2/24
!
interface 2/3
ip address 192.168.2.1/24
ip access-group ACL-1 in
!
interface llop1 loopback
ip address 20.20.20.20/32
no logging console
!
ip access-list ACL-1 ssh-and-telnet-acl
seq 10 permit tcp host 192.168.2.2 any eq ssh max-sessions 5 min-sessions 0
seq 20 deny tcp any any eq ssh
seq 30 permit ip any any
!
enable encrypted 1 $1$........$.nNQmFppgs3ECnFPrOgpx/
!
!
administrator admin encrypted 1 $1$........$.nNQmFppgs3ECnFPrOgpx/
!
!
ip route 0.0.0.0/0 192.168.1.1
service ftp client
service ssh
service telnet
!
!
!
!
end
Using admin-access-group ACL-2 in
Unlike the example above, ACL-2 is applied to the context itself, not to an interface. The context test accepts SSH sessions to itself only from hosts 192.168.2.2 and 192.168.2.3.
context test
!
no ip domain-lookup
!
interface 2/2
ip address 192.168.1.2/24
!
interface 2/3
ip address 192.168.2.1/24
!
interface llop1 loopback
ip address 20.20.20.20/32
no logging console
!
ip access-list ACL-1 ssh-and-telnet-acl
seq 10 permit tcp host 192.168.2.2 any eq ssh max-sessions 5 min-sessions 0
seq 20 deny tcp any any eq ssh
seq 30 permit ip any any
!
ip access-list ACL-2
seq 10 permit tcp host 192.168.2.2 any eq ssh
seq 15 permit tcp host 192.168.2.3 any eq ssh
seq 20 deny tcp any any eq ssh
seq 30 permit ip any any
!
enable encrypted 1 $1$........$.nNQmFppgs3ECnFPrOgpx/
!
!
administrator admin encrypted 1 $1$........$.nNQmFppgs3ECnFPrOgpx/
!
!
ip route 0.0.0.0/0 192.168.1.1
service ftp client
service ssh
service telnet
!
admin-access-group ACL-2 in
!
!
!
!
end
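To see how the two access lists above differ for a given connection, here is an added first-match ACL evaluator (example code written for this page, not part of the device configuration or any vendor tool); it parses the `seq N permit|deny proto SRC DST [eq PORT]` lines, ignores trailing options such as max-sessions, and assumes an implicit deny after the last entry.

```python
import ipaddress

# Constructed copies of the two ACLs from the configuration above
ACL_1 = """\
seq 10 permit tcp host 192.168.2.2 any eq ssh max-sessions 5 min-sessions 0
seq 20 deny tcp any any eq ssh
seq 30 permit ip any any"""
ACL_2 = """\
seq 10 permit tcp host 192.168.2.2 any eq ssh
seq 15 permit tcp host 192.168.2.3 any eq ssh
seq 20 deny tcp any any eq ssh
seq 30 permit ip any any"""
PORTS = {"ssh": 22, "telnet": 23}

def _addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'prefix/len'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(tok, strict=False)

def parse_acl(text):
    """Parse 'seq N permit|deny proto SRC DST [eq PORT] ...' lines into
    (seq, action, proto, src_net, dst_net, dport) tuples sorted by seq."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "seq":
            continue
        rest = t[4:]
        src, dst = _addr(rest), _addr(rest)
        dport = None
        if rest[:1] == ["eq"]:  # trailing options (max-sessions ...) are ignored
            dport = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        rules.append((int(t[1]), t[2], t[3], src, dst, dport))
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, src_ip, dst_ip, proto, dport):
    """First matching entry wins; no match hits the implicit deny at the end."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for seq, action, rproto, rsrc, rdst, rport in rules:
        if rproto not in (proto, "ip") or s not in rsrc or d not in rdst:
            continue
        if rport is not None and rport != dport:
            continue
        return action, seq
    return "deny", None
```

Note that the evaluator only models the match logic: an interface ACL is checked against every packet entering 2/3, while admin-access-group only governs management sessions addressed to the context itself.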