The following example shows the connected users on the console line (ttyS0) and the VTY lines (pts/0 and pts/1).
switch# show users
NAME LINE TIME IDLE PID COMMENT
admin ttyS0 Aug 27 20:45 . 14425 *
admin pts/0 Aug 27 20:06 00:46 14176 (172.18.217.82) session=ssh
admin pts/1 Aug 27 20:52 . 14584 (10.55.144.118)
The following example shows how to allow vty connections to all IPv4 hosts except 172.18.217.82 and how to deny vty connections to any IPv4 host except 10.55.144.118, 172.18.217.79, 172.18.217.82, 172.18.217.92:
switch# show running-config aclmgr
!Time: Fri Aug 27 22:01:09 2010
version 5.0(2)N1(1)
ip access-list ozi
10 deny ip 172.18.217.82/32 any
20 permit ip any any
ip access-list ozi2
10 permit ip 10.55.144.118/32 any
20 permit ip 172.18.217.79/32 any
30 permit ip 172.18.217.82/32 any
40 permit ip 172.18.217.92/32 any
line vty
access-class ozi in
access-class ozi2 out
The following example shows how to configure the IP access list by enabling per-entry statistics for the ACL:
switch# conf t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)# ip access-list ozi2
switch(config-acl)# statistics per-entry
switch(config-acl)# deny tcp 172.18.217.83/32 any
switch(config-acl)# exit
switch(config)# ip access-list ozi
switch(config-acl)# statistics per-entry
switch(config-acl)# permit ip 172.18.217.20/24 any
switch(config-acl)# exit
switch#
The following example shows how to apply the ACLs on VTY in and out directions:
switch(config)# line vty
switch(config-line)# ip access-class ozi in
switch(config-line)# access-class ozi2 out
switch(config-line)# exit
switch#
The following example shows how to remove the access restrictions on the VTY line:
switch# conf t
Enter configuration commands, one per line. End
with CNTL/Z.
switch(config)# line vty
switch(config-line)# no access-class ozi2 in
switch(config-line)# no ip access-class ozi2 in
switch(config-line)# exit
switch#