Controlling Telnet and SSH logins
Use different types of ACLs to filter Telnet and SSH logins by different match criteria:
Basic ACL (2000 to 2999)—Source IP address.
Advanced ACL (3000 to 3999)—Source IP address and destination IP address.
Ethernet frame header ACL (4000 to 4999)—Source MAC address.
If an applied ACL does not exist or does not have any rules, no user login restriction is applied. If the ACL exists and has rules, only users permitted by the ACL can access the device through Telnet or SSH.