Re: ACL "in" for filtering Telnet

From: Dave Gingrich (Dave@xxxxxxx)
Date: Wed Jun 14 2000 - 08:30:00 GMT-3


   
At 19:15 6/12/00 EDT, ccie lab wrote:
>Here is the issue which seems to be simple but couldn't be solved by only
>using ACL "in" on all interfaces.
>
>R1:s1 ---- s0:R2:s1 ----- s0:R3 (w/EIGRP routing protocol)
> |---------------------->
> R1 telnets to R3
>
>apply ACL 100 on R2 only !
> acl 100 permit eigrp any any
> acl 100 permit TCP any any eq telnet

Using that access list on R2:S1 will block telnet replies from R3. Look at
the use of the "established" parameter.

=========================
David C. Gingrich, K9DC
Indianapolis, Indiana
Dave@dcg.org
=========================
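
The behavior described in the reply above, modeled as an added example that is not part of the original message: a minimal first-match ACL evaluator run over constructed packets arriving inbound on R2's s1 from R3. The ephemeral port 11002 and all class and function names are assumptions for illustration; `established` is modeled as a match on TCP segments with ACK or RST set.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "eigrp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags set on the segment

@dataclass(frozen=True)
class Ace:
    action: str
    proto: str
    dport: Optional[int] = None     # None means "any"
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        # "established" is a flag test (ACK or RST set), not connection tracking.
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True

def evaluate(acl, p):
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"                   # implicit deny at the end of every ACL

# ACL 100 as posted, then with an "established" entry added.
ORIGINAL = [Ace("permit", "eigrp"), Ace("permit", "tcp", dport=23)]
WITH_ESTABLISHED = ORIGINAL + [Ace("permit", "tcp", established=True)]

# Constructed packets arriving inbound on R2 s1, i.e. sent by R3.
INBOUND_FROM_R3 = {
    "eigrp": Packet("eigrp"),
    "telnet syn-ack": Packet("tcp", 23, 11002, frozenset({"SYN", "ACK"})),
    "telnet data": Packet("tcp", 23, 11002, frozenset({"ACK", "PSH"})),
    "new syn to high port": Packet("tcp", 23, 11002, frozenset({"SYN"})),
}

def results(acl):
    return {name: evaluate(acl, p) for name, p in INBOUND_FROM_R3.items()}

if __name__ == "__main__":
    for label, acl in (("original", ORIGINAL), ("with established", WITH_ESTABLISHED)):
        print(label, results(acl))
```

The replies from R3 carry source port 23 and an ephemeral destination port, so `eq telnet` on the destination never matches them; only the `established` entry lets them through while a bare SYN to a high port still hits the implicit deny.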


