Section 8.4: Controlling Telnet Access with IP Access Lists

Access into and out of the virtual terminal line (vty) ports of the Cisco IOS software can also be controlled by IP access lists. IOS uses vtys to represent a user who has Telnetted to a router, as well as for Telnet sessions a user of a router has created to other devices. You can use ACLs to limit the IP hosts that can Telnet into the router, and you can also limit the hosts to which a user of the router can Telnet.