access-list for ssh

So I have created an ACL on a 2811 router for my SSH access and applied it to the line vty. The ACL basically is restricting access to a specific IP subnet, but I am having an issue.

If I do (which is more general)
access-list 10 permit
and apply this to line VTY inbound, I can't get in the router from subnet.

If I do something like this, (very specific)
access-list 10 permit host
and apply to VTY on inbound, I can get in just fine.

line vty 0 4
access-class 10 in


Shark Attack (Network admin) asked:

Don Johnston (Instructor) commented:
So what's the question (or problem)?
Bryant Schaper commented:
is where you are trying from.
Shark Attack (Network admin, Author) commented:
Yes, for example. If I SSH from I should be able to get in no matter what ACL I use above, but the ACL with is not letting me in. How come? If it's that should be anything from to
Don Johnston (Instructor) commented:
You're right. It should allow access.

Can you post the ACL and the vty config section? And please copy/paste the config info from the running-config as opposed to simply typing it in here.
Shark Attack (Network admin, Author) commented:
OK, I don't know how this happened but it's working now. Configs did not change.
Literally, when I applied the ACL with the wildcard mask, I would not be able to log in until I took the ACL off. The second I took the ACL off, I was able to get in. I don't get it, but it works now and I see counters on the ACL, so it does work. Thank you all.
nader alkahtani (Consultant) commented:
You have to end the ACL with:
access-list 10 permit ip any any
Shark Attack (Network admin, Author) commented:
That would defeat the purpose of the ACL.
Shark Attack (Network admin, Author) commented:
Since the standard ACL worked, could anyone actually show me how I could create an extended ACL?

What I did was,
ip access-list extended SSH permit tcp eq 22 any eq 22

But the above did not work.
Don Johnston (Instructor) commented:
ip access-list extended SSH permit tcp eq 22 any eq 22

should be:

ip access-list extended SSH permit tcp any eq 22

Shark Attack (Network admin, Author) commented:
Thank you!
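
How a standard ACL entry matches a source address, as an added example that is not part of the original thread: a small Python model of wildcard-mask matching, first-match ordering and the implicit deny. It goes beyond the thread by also covering an entry written without a wildcard mask, which IOS treats as a single host; the 192.0.2.0/24 addresses are constructed samples and the function names are hypothetical.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Parse 'access-list N permit|deny SOURCE' (standard ACL syntax).

    SOURCE is 'any', 'host A.B.C.D', 'A.B.C.D WILDCARD', or a bare
    'A.B.C.D', whose wildcard defaults to 0.0.0.0 (a single host).
    """
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, src = tokens[2], tokens[3:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in: {line!r}")
    if src == ["any"]:
        return action, 0, 0xFFFFFFFF
    if len(src) == 2 and src[0] == "host":
        return action, _to_int(src[1]), 0
    if len(src) == 1:
        return action, _to_int(src[0]), 0
    if len(src) == 2:
        return action, _to_int(src[0]), _to_int(src[1])
    raise ValueError(f"unsupported source in: {line!r}")

def evaluate(acl_lines, source_ip):
    """Return the action of the first matching entry, else the implicit deny."""
    src = _to_int(source_ip)
    for line in acl_lines:
        action, addr, wildcard = parse_entry(line)
        # Wildcard bits set to 1 are ignored; every other bit must match.
        care = ~wildcard & 0xFFFFFFFF
        if (src ^ addr) & care == 0:
            return action
    return "deny"  # nothing matched: implicit "deny any" at the end

# Constructed samples (RFC 5737 documentation addresses, not from the thread).
SUBNET_ACL = ["access-list 10 permit 192.0.2.0 0.0.0.255"]
HOST_ACL = ["access-list 10 permit host 192.0.2.25"]
BARE_ACL = ["access-list 10 permit 192.0.2.0"]  # no wildcard: one host only

if __name__ == "__main__":
    for name, acl in (("subnet", SUBNET_ACL), ("host", HOST_ACL), ("bare", BARE_ACL)):
        for ip in ("192.0.2.25", "192.0.2.0", "198.51.100.7"):
            print(f"{name:6} {ip:14} -> {evaluate(acl, ip)}")
```

On the router itself, `show access-lists 10` displays the per-entry match counters mentioned in the thread, which confirms which entry a login attempt actually hit.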