If you want to control what information hosts can telnet to or
from a router, use the IP ACCESSCLASS command. Build a standard
IP access list to define which IP addresses will be allowed, then
apply the list to the console or vty line.
Using the 'ip accessclass 1 in' command limits inbound access
to only those hosts allowed by standard IP access list 1. Conversely,
using 'ip accessclass 2 out' enables users on the router
or access server to telnet only to those hosts whose IP addresses
are allowed by standard IP access list 2. Note the difference
in using IP ACCESSCLASS to control telnet and IP ACCESSGROUP
to filter data packets.