Re: Telnet Access list VTY FEELING STUPID!

From: Looking to be CCIE (ccie@nc.rr.com)
Date: Fri May 27 2005 - 11:36:25 GMT-3

• Next message: ccie2be: "Mobile IP and IRDP"
• Previous message: ccie2be: "RE: BGP Load-balancing betw ibgp and ebgp paths"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

THANKS... I knew it was something simple......

----- Original Message -----
From: "Lanny Ballard" <lanny26ga@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Friday, May 27, 2005 9:04 AM
Subject: RE: Telnet Access list VTY FEELING STUPID!

> allow telnet as the destination port, not the source port.
>
>>From: "Looking to be CCIE" <ccie@nc.rr.com>
>>Reply-To: "Looking to be CCIE" <ccie@nc.rr.com>
>>To: <ccielab@groupstudy.com>
>>Subject: Telnet Access list VTY FEELING STUPID!
>>Date: Fri, 27 May 2005 08:53:55 -0400
>>
>>Feeling Stupid... I was trying to put an access list on the VTY ports to
>>limit telnet to a specific host, but could not get it to work with a
>>simple
>>one line list. Am I missing something here.... Just a serial connection
>>between the routers. Config Below..... I checked telnet before applying
>>access-list and it would work fine. After applying list I would just
>>get a
>>connection refused message.
>>
>>Note: If I put a three line list on it would work,
>>(access-list 100 permit tcp host 10.2.1.2 eq telnet any
>>access-list 100 deny tcp any eq telnet any
>>access-list 100 permit ip any any)
>>
>>
>>
>>r7# (Router that has access list)
>>
>>
>>interface Serial0/1
>> ip address 10.2.1.1 255.255.255.0
>>!
>>!
>>access-list 100 permit tcp host 10.2.1.2 eq telnet any
>>!
>>mgcp profile default
>>!
>>dial-peer cor custom
>>!
>>!
>>!
>>!
>>line con 0
>>line aux 0
>>line vty 0 4
>> access-class 100 in
>> password cisco
>> login
>>!
>>!
>>end
>>
>># (Router that I am accessing first router from)
>>
>>interface Serial0/1
>> ip address 10.2.1.2 255.255.255.0
>> clockrate 64000
>>!
>>!
>>ip classless
>>!!
>>line con 0
>>line aux 0
>>line vty 0 4
>>!
>>!
>>end
>>
>>Router#
>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today - it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: ccie2be: "Mobile IP and IRDP"
• Previous message: ccie2be: "RE: BGP Load-balancing betw ibgp and ebgp paths"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:03 GMT-3