Access-class

From: Rohan Grover (rohang@cisco.com)
Date: Sun Jul 25 2004 - 06:36:24 GMT-3


Hi,

This is a really simple scenario but for some reason I'm unable to get it to work!!

   R1 ----------- R2
 1.0.0.1        1.0.0.2

All I want to do is deny telnet access on R2 to everyone except from 1.0.0.1 (R1) to 1.0.0.2 (R2).

So I use access list

'access-list 100 permit tcp host 1.0.0.1 host 1.0.0.2 eq telnet'

And apply it on vty 0 4 of R2 as 'access-class 100 in'

I see that this blocks ALL telnet access.

If I change the access-list to

'access-list 100 permit tcp host 1.0.0.1 any eq telnet', then it allows telnet access only from 1.0.0.1 to any interface on R2, which is not what I want.

Is there anything I'm missing regarding use of access-class? Some restriction on destination host?

Thanks
Rohan


