Re: Dumb question of the day.

From: Pamela Forsyth (pforsyth@xxxxxxxxx)
Date: Wed Aug 04 1999 - 23:35:01 GMT-3


   
Howard,

An access list applied to an interface using the "access-group" statement
cannot filter packets originating in the router, but can filter only
packets transiting the router.

If you want to filter the networks or hosts you can telnet to from your
router, you need to apply an "access-class out" statement to your vty
lines.

Pamela

On Wed, 4 Aug 1999, Rahmlow, Howard F. wrote:

> I think I have been working on this too long the last few days. Things I
> knew, and worked, don't. So here is the dumb question of the day.
>
> Here is the access-list
> access-list 101 deny tcp host 192.63.65.14 host 192.63.65.5 eq 23
> access-list 101 permit ip any any
>
> Interface commands
> Int S0
> clockrate 9600
> ip add 192.63.65.14 255.255.255.252
> ip access-group 101 out
>
> When logged in to the router I can telnet to the host 192.63.65.5 (it's
> another router).
> What dumb thing am I missing? If I move the access-list to another router
> between the two, the access-list works fine.
>
> Thanks, Howard
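
The fix described in the reply above, written out as an added example that is not part of the original thread: the interface ACL from the question is shown as comments, followed by an "access-class out" restriction on the vty lines. The ACL number 10 and the line range "vty 0 4" are assumptions chosen for illustration.

```cisco
! Before (from the question): an outbound interface ACL. It is checked only
! for packets the router forwards, so a telnet started on the router itself
! is not matched.
!   interface Serial0
!    ip access-group 101 out
!
! After: restrict where sessions on the vty lines may connect to.
! With "access-class ... out" a standard ACL entry is matched against the
! destination address of the outgoing connection.
! (ACL number 10 and "vty 0 4" are assumed values.)
access-list 10 deny   192.63.65.5
access-list 10 permit any
!
line vty 0 4
 access-class 10 out
```

The restriction covers only sessions on the lines where the access-class statement is configured.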



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:21:46 GMT-3