: What you're talking about is ciscos "Receive-acl" feature. No, I just worded my response poorly. I can't wait for this feature to get to 7200 series, though. What I ment was do: access-list 30 permit xxx.xxx.0.0 0.0.63.255 On the vty, so ports for rshell, ssh and telnet are covered, as opposed to just blocking the telnet port. james