
Disable telnet & ssh using ACL

15 years 5 months ago #30776 by apit
My campus network uses a 3-layer design: core switch, distribution switch and access switches. All routing is configured on the core switch using static routes, with GLBP as the redundancy protocol. To manage the switches remotely, we are using the telnet and http protocols.

Currently we have found security issues: users can sniff all telnet and http passwords using tools such as C&A, Wireshark and others. The action we have taken is to use an ACL at the core switch to disable http and telnet access. The configuration looks something like this:

Core 1
!
interface Vlan20
ip address 192.168.0.250 255.255.255.0
ip access-group Deny_HTTP in
glbp 20 ip 192.168.0.254
glbp 20 priority 110
glbp 20 preempt
!

Core 2
!
interface Vlan20
ip address 192.168.0.249 255.255.255.0
ip access-group Deny_HTTP in
glbp 20 ip 192.168.0.254
!

Access Switches
ip access-list extended Deny_Telnet
deny tcp any any eq telnet
permit ip any any


The problems are:

1- Need to apply Deny_HTTP inbound on every interface of the core switch
2- Need to define Deny_Telnet on every access switch
3- Is there any ACL shortcut command? Any recommended website about ACL rules?

Thank you
15 years 5 months ago #30777 by Perlhack
Turn off the telnet and http daemons as a solution.

no ip http server

line vty 0 15
transport input none
15 years 5 months ago #30786 by r0nni3
I agree with turning off the http daemon, but for administrative reasons I wouldn't recommend turning off the telnet/ssh daemon.

You can put an access-list which permits or denies certain hosts/subnets to telnet/ssh to the router.

Example:

access-list 1 permit 192.168.9.0 0.0.0.255
access-list 1 permit 192.168.10.10 0.0.0.0
access-list 1 deny any
!
line vty 0 4
access-class 1 in

SSH is more secure as your passwords can't be sniffed so easily.

crypto key generate rsa modulus 1024
!
line vty 0 4
access-class 1 in
transport input ssh

You do need to define a hostname and a domain name first before you enable SSH.

Currently working as a Cisco Engineer at Neon-Networking.

Certifications:
CCNA - Have it
CCNA Security - Have it
CCSP - Almost!!!!
CCIE Security - Not so far away dream
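As an added example that is not part of the thread: a small Python audit that reads a saved IOS running-config and reports the issues the replies above address (http server still on, telnet accepted on any vty line, no inbound access-class, a line password instead of local login, SSH version 2 not enforced). The two embedded configs are constructed samples; the hardened one applies the replies' advice to all 16 vty lines (vty 0 15) and assumes ACL number 10, domain name campus.example and local login, none of which come from the thread. Treating a vty block with no transport input line as telnet-capable is a conservative assumption.

```python
import re

# Constructed sample: the kind of management configuration the thread starts from.
WEAK_CONFIG = """\
hostname core1
!
ip http server
!
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 password cisco
 login
!
"""

# Constructed sample: the hardened equivalent. ACL 10, the domain name and
# 'login local' are assumptions for the example, not from the thread.
HARDENED_CONFIG = """\
hostname core1
ip domain-name campus.example
ip ssh version 2
!
no ip http server
!
access-list 10 permit 192.168.9.0 0.0.0.255
access-list 10 permit host 192.168.10.10
access-list 10 deny any log
!
line vty 0 15
 access-class 10 in
 login local
 transport input ssh
!
"""


def parse_vty_lines(config):
    """Return {(first, last): [sub-commands]} for every 'line vty' block."""
    blocks = {}
    current = None
    for raw in config.splitlines():
        m = re.match(r"^line vty (\d+) (\d+)\s*$", raw)
        if m:
            current = (int(m.group(1)), int(m.group(2)))
            blocks[current] = []
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks


def audit_config(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if re.search(r"^ip http server\s*$", config, re.M):
        findings.append("http server enabled (cleartext management)")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("ssh version 2 not enforced")
    for (first, last), cmds in parse_vty_lines(config).items():
        label = f"vty {first} {last}"
        transport = next((c for c in cmds if c.startswith("transport input")), None)
        # Assumption: no explicit transport input means telnet is still reachable.
        if transport is None or "telnet" in transport or transport.endswith("all"):
            findings.append(f"{label}: telnet accepted")
        if not any(c.startswith("access-class") and c.endswith(" in") for c in cmds):
            findings.append(f"{label}: no inbound access-class")
        if "login" in cmds:
            findings.append(f"{label}: line password instead of local/AAA login")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_config(cfg) or 'no findings'}")
```

Run it against the output of `show running-config` saved to a file; every vty range on the device must be covered, which is why the hardened sample configures vty 0 15 rather than only vty 0 4.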