It may depend on your IOS. The access-class command only supported numbered standard access lists, but from IOS release 12.4 and on, it supports both extended and named access lists. If you’re using an IOS before 12.4, this may be the reason for the failure.
Secondly, let’s take a look at your access list. You are:
- Permitting access from any host to 220.127.116.11 using SSH
- Denying access from anywhere to anywhere for Telnet and SSH
- Allowing access from anywhere to anywhere.
You must remember however, that this access list is applied on the VTY alone, so it will only filter communication that is attempted to be made via ports 22 and 23. You can’t connect to the VTY with other TCP ports. Also, I’m not sure how this is going to behave, keeping in mind that the access list is actually applied on the VTY and not on a physical interface. A better approach would be to:
- Determine from which IP addresses you will accept connectivity to the VTY and use those as source addresses in the ACL.
- Don’t use the ACL to specify which IP address should be used for management. It is better to use Management Plane Protection (MPP) to specify the port via which such communication is allowed to take place.
I hope this has been helpful!
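The approach recommended in the reply above, as an added configuration example that is not part of the original post. The admin subnet 192.0.2.0/24, ACL number 10, the VTY range 0 4 and the interface GigabitEthernet0/1 are assumptions to be replaced with your own values.

```cisco
! Constructed example values: 192.0.2.0/24 stands in for the admin subnet,
! GigabitEthernet0/1 for the interface that faces the management network.

! Numbered standard ACL: matches on source address only. A numbered
! standard list is the form access-class accepted before IOS 12.4 as well.
access-list 10 remark Sources allowed to open VTY sessions
access-list 10 permit 192.0.2.0 0.0.0.255
! Explicit deny with logging so rejected attempts show up in syslog
access-list 10 deny any log

! Apply the source filter to inbound VTY sessions and accept SSH only.
! Adjust the range (for example 0 15) to cover every VTY line on the device.
line vty 0 4
 access-class 10 in
 transport input ssh

! Management Plane Protection: SSH management traffic is accepted only
! when it arrives on the named interface.
control-plane host
 management-interface GigabitEthernet0/1 allow ssh
```

After applying it, `show access-lists 10` shows the match counters for permitted and denied sources, and `show management-interface` lists the interface and protocols MPP allows.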