From: Olivier Martin (omartin@xxxxxxxx)
Date: Sat Sep 15 2001 - 16:05:45 GMT-3
It depends on if you want telnet traffic through the router or from the
router. Access-class limits the telnetting capability from the router or to
the router, but has no effect on through traffic.
Olivier
-----Original Message-----
From: Aqui Ordonez [mailto:aordonez@viacat.com]
Sent: September 15, 2001 12:27
To: Olivier Martin; 'CCIE Cisco'; ccielab@groupstudy.com
Subject: Re: Telnet established
Why not just create an access list on R1 that allows telnet traffic from
wherever you want it to come from, but not R2, and apply it as 'access-class
ListNumberOrName in' on line vty 0 4 ?
-----Original Message-----
From: Olivier Martin <omartin@genia.ca>
To: 'CCIE Cisco' <c_ccie@hotmail.com>; ccielab@groupstudy.com <ccielab@groupstudy.com>
Date: Saturday, September 15, 2001 11:05 AM
Subject: RE : Telnet established
>You should apply the following access-list on R1 Serial 0 (in)
>
>access-list 100 permit tcp any eq telnet any
>access-list 100 deny ip any any
>
>Interface serial0
> ip access-group 100 in
>
>This way, established telnet traffic, coming from TCP port 23 on R2 will be
>allowed to cross the link and make its way through R1.
>
>Nothing special on R1 has to be done to allow it to telnet out.. If you want
>to restrict the traffic only to telnet outbound on R1 (this will
>prevent routing updates.. Depending on how you write your
>access-lists).
>
>access-list 101 permit tcp any any eq 23
>access-list 101 deny ip any any
>
>Interface serial0
> ip access-group 101 out
>
>The traffic directed outbound serial0 will be evaluated against the 101
>access-list..
>
>This should work..
>
>Olivier
>
>
>
>-----Original Message-----
>From: CCIE Cisco [mailto:c_ccie@hotmail.com]
>Sent: September 15, 2001 08:36
>To: ccielab@groupstudy.com
>Subject: Telnet established
>
>
>Hi,
>
>I am having R1 and R2 connected on serial link.
>
>
> R1--------------------R2
> (10.10.10.1) (10.10.10.2)
>
>
>I am at R1 and I want to telnet to R2 but I don't want to allow R2 to telnet
>into R1.
>
>Can anyone suggest access-list and where to apply (serial in/out)
>
>Thanks in advance
>
>Mer
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:18 GMT-3
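
The following is an added example, not part of the original thread: a small first-match model of access-list 100 as quoted above, applied inbound on R1 serial0, showing which packets it passes. The packets (including the ephemeral ports and the RIP update) are constructed samples, and the `Packet`/`Ace` classes are hypothetical helpers, not IOS code.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp", ...
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass(frozen=True)
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    sport: Optional[int] = None   # None means "any port"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Addresses are "any any" in the thread's ACL, so only protocol/ports are compared.
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True

# access-list 100 permit tcp any eq telnet any
# access-list 100 deny   ip  any any
ACL_100 = [Ace("permit", "tcp", sport=23), Ace("deny", "ip")]

def evaluate(acl, pkt):
    for ace in acl:               # first matching entry decides
        if ace.matches(pkt):
            return ace.action
    return "deny"                 # implicit deny that ends every IOS ACL

R1, R2 = "10.10.10.1", "10.10.10.2"
# Constructed packets arriving inbound on R1 serial0.
SAMPLES = {
    "reply to R1's telnet session": Packet("tcp", R2, R1, sport=23, dport=11002),
    "R2 opening telnet to R1": Packet("tcp", R2, R1, sport=11003, dport=23),
    "RIP update from R2": Packet("udp", R2, "255.255.255.255", sport=520, dport=520),
}

def verdicts():
    return {name: evaluate(ACL_100, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:6} {name}")
```

The third sample shows the side effect mentioned in the thread: with `deny ip any any` as the only other entry, routing updates arriving on the interface are dropped along with everything else.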