RE: Telnet Access list VTY FEELING STUPID!

From: Lanny Ballard (lanny26ga@hotmail.com)
Date: Fri May 27 2005 - 10:04:17 GMT-3


Allow telnet as the destination port, not the source port.

>From: "Looking to be CCIE" <ccie@nc.rr.com>
>Reply-To: "Looking to be CCIE" <ccie@nc.rr.com>
>To: <ccielab@groupstudy.com>
>Subject: Telnet Access list VTY FEELING STUPID!
>Date: Fri, 27 May 2005 08:53:55 -0400
>
>Feeling Stupid... I was trying to put an access list on the VTY ports to
>limit telnet to a specific host, but could not get it to work with a simple
>one line list. Am I missing something here.... Just a serial connection
>between the routers. Config Below..... I checked telnet before applying
>access-list and it would work fine. After applying list I would just get a
>connection refused message.
>
>Note: If I put a three line list on it would work,
>(access-list 100 permit tcp host 10.2.1.2 eq telnet any
>access-list 100 deny tcp any eq telnet any
>access-list 100 permit ip any any)
>
>
>
>r7# (Router that has access list)
>
>
>interface Serial0/1
> ip address 10.2.1.1 255.255.255.0
>!
>!
>access-list 100 permit tcp host 10.2.1.2 eq telnet any
>!
>mgcp profile default
>!
>dial-peer cor custom
>!
>!
>!
>!
>line con 0
>line aux 0
>line vty 0 4
> access-class 100 in
> password cisco
> login
>!
>!
>end
>
># (Router that I am accessing first router from)
>
>interface Serial0/1
> ip address 10.2.1.2 255.255.255.0
> clockrate 64000
>!
>!
>ip classless
>!!
>line con 0
>line aux 0
>line vty 0 4
>!
>!
>end
>
>Router#
>
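
Added example, not part of the original thread: a simplified Python model of extended-ACL matching (first match wins, implicit deny at the end). It shows why the one-line list refuses the session, why the three-line list admits any host through its final permit, and what moving `eq telnet` to the destination changes. The host 10.2.1.99, source port 11001 and all function names are assumptions for illustration.

```python
# Added example: simplified model of Cisco extended-ACL matching (first match
# wins, implicit deny at the end). Not IOS code; names here are hypothetical.
from collections import namedtuple

TELNET = 23
# src/dst are a host IP or "any"; sport/dport are a port number or None (any port)
Rule = namedtuple("Rule", "action proto src sport dst dport")
Packet = namedtuple("Packet", "proto src sport dst dport")

def _match(rule, pkt):
    return (rule.proto in ("ip", pkt.proto)
            and rule.src in ("any", pkt.src)
            and rule.sport in (None, pkt.sport)
            and rule.dst in ("any", pkt.dst)
            and rule.dport in (None, pkt.dport))

def evaluate(acl, pkt):
    for rule in acl:
        if _match(rule, pkt):
            return rule.action
    return "deny"  # implicit "deny ip any any"

# access-list 100 permit tcp host 10.2.1.2 eq telnet any   (from the post)
ONE_LINE = [Rule("permit", "tcp", "10.2.1.2", TELNET, "any", None)]
# The three-line list from the post
THREE_LINE = ONE_LINE + [
    Rule("deny", "tcp", "any", TELNET, "any", None),
    Rule("permit", "ip", "any", None, "any", None),
]
# access-list 100 permit tcp host 10.2.1.2 any eq telnet   (port moved to destination)
FIXED = [Rule("permit", "tcp", "10.2.1.2", None, "any", TELNET)]

def telnet_from(src, sport=11001):
    # A telnet client uses an ephemeral source port (11001 is a constructed
    # value) and destination port 23 on r7 (10.2.1.1).
    return Packet("tcp", src, sport, "10.2.1.1", TELNET)

if __name__ == "__main__":
    for name, acl in (("one-line", ONE_LINE), ("three-line", THREE_LINE), ("fixed", FIXED)):
        for src in ("10.2.1.2", "10.2.1.99"):  # 10.2.1.99: constructed other host
            print(f"{name:10} {src:10} -> {evaluate(acl, telnet_from(src))}")
```

In this model the three-line list only "works" because its last entry permits everything, so it does not limit telnet to 10.2.1.2.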



This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:03 GMT-3