From: Anand Singh (anandksi@cisco.com)
Date: Mon Sep 06 2004 - 14:03:56 GMT-3
Hi All,
This may sound obvious, but I am not able to figure out how it's
happening. I have the following config on the switch:
-----------------------------------------------------------
s1#sh ip access-lists 101
Extended IP access list 101
    permit tcp any host 150.1.7.7 eq 3023
    permit tcp any host 150.1.7.7 eq telnet
    permit ip any host 150.1.7.7
s1#sh running-config | b line cons
line con 0
 exec-timeout 0 0
 privilege level 15
 password favre
 logging synchronous
line vty 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login local
 autocommand access-enable host time 10
line vty 1 4
 access-class 101 in
 exec-timeout 0 0
 logging synchronous
 login local
 rotary 23
line vty 5 15
 access-class 101 in
 login local
 rotary 23
!
IP address 150.1.7.7/32 is configured on this switch.
---------------------------------------------------------
I am trying to telnet to this switch from another device and get the
following error message:
R3#telnet 150.1.7.7 3023
Trying 150.1.7.7, 3023 ...
% Connection refused by remote host
When I change the ACL to include the word 'any' for the host 150.1.7.7
(i.e., permit tcp any any eq 3023) it works. My question is why it
doesn't work in the first place when I am trying to telnet to IP
address 150.1.7.7. Can't we use specific host addresses in access-class
ACLs?
Thanks a lot,
-Anand