From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Sun Apr 23 2006 - 23:34:59 GMT-3
This was an interesting one... after much experimenting in the lab, I have
found the issue to be the destination of the access-list (when using the
extended ACL). If using anything but "any" for the destination, the ACL
appears to fail, which would make sense considering that the destination is
the router itself. My suggestion would be to use the standard ACL and stay away
from the issue, since you really only need to specify the source. HTH.
Dave
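The failure Dave describes can be reproduced off-box. The following is an added example (not part of the thread) that parses the two ACLs from Victor's "show access-list" output and evaluates them first-match with IOS's implicit deny; it assumes, as the %SEC-6-IPACCESSLOGP line in Victor's log shows, that the inbound VTY access-class check presents the destination as 0.0.0.0, which is why "host 10.4.4.4" never matches and only a destination of "any" (or a standard, source-only ACL) works. The ACL_100_FIXED list is a constructed variant reflecting that advice.

```python
import ipaddress

# ACL entries copied from the "show access-list" output in the thread.
ACL_100 = [
    "10 permit tcp host 10.3.3.3 host 10.4.4.4 eq telnet",
    "20 permit tcp host 10.4.4.4 eq telnet host 10.3.3.3",
    "30 deny ip any any log",
]
# Constructed variant: same source restriction, destination left as "any".
ACL_100_FIXED = [
    "10 permit tcp host 10.3.3.3 any eq telnet",
    "30 deny ip any any log",
]
PORT_NAMES = {"telnet": 23}

def _parse_addr(tokens, i):
    """Parse 'any' or 'host A.B.C.D' (the only forms used on the page)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    raise ValueError("unsupported address form: " + tokens[i])

def _parse_port(tokens, i):
    """Optional 'eq <port>' following an address; returns (port or None, next index)."""
    if i < len(tokens) and tokens[i] == "eq":
        p = tokens[i + 1]
        return PORT_NAMES.get(p, int(p) if p.isdigit() else None), i + 2
    return None, i

def parse_entry(line):
    t = line.split()
    src, i = _parse_addr(t, 3)
    sport, i = _parse_port(t, i)
    dst, i = _parse_addr(t, i)
    dport, i = _parse_port(t, i)          # a trailing "log" keyword is ignored
    return {"seq": int(t[0]), "action": t[1], "proto": t[2],
            "src": src, "sport": sport, "dst": dst, "dport": dport}

def evaluate(acl_lines, proto, src, sport, dst, dport):
    """First-match evaluation; returns (action, sequence) or the implicit deny."""
    for e in map(parse_entry, acl_lines):
        if e["proto"] not in ("ip", proto):
            continue
        if ipaddress.ip_address(src) not in e["src"] or ipaddress.ip_address(dst) not in e["dst"]:
            continue
        if e["sport"] is not None and e["sport"] != sport:
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"], e["seq"]
    return "deny", None  # implicit deny at the end of every IOS ACL

def vty_check(acl_lines, src, sport):
    """Inbound access-class check; destination 0.0.0.0 as the logged deny line shows (assumption)."""
    return evaluate(acl_lines, "tcp", src, sport, "0.0.0.0", 23)
```

Running vty_check(ACL_100, "10.3.3.3", 31327) lands on sequence 30, reproducing the logged deny, while ACL_100_FIXED permits the same session at sequence 10.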
________________________________
From: nobody@groupstudy.com on behalf of Victor Cappuccio
Sent: Sun 4/23/2006 9:57 PM
To: Victor Cappuccio
Cc: azhar mumtaz; ccielab@groupstudy.com
Subject: Re: Question related to Telnet
Now this is an interesting one
Rack1R3#telnet 10.4.4.4 /sour lo0
Trying 10.4.4.4 ...
% Connection refused by remote host
Rack1R3#
BB1-TS#4
[Resuming connection 4 to R4 ... ]
*Ma
Rack1R4#
Rack1R4#
Rack1R4#show logg
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled)
    Console logging: level debugging, 971 messages logged, xml disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled
    Buffer logging: level debugging, 2 messages logged, xml disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level informational, 126 message lines logged
Log Buffer (4096 bytes):
*Mar 2 07:34:39.240: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.3.3.3(31327) -> 0.0.0.0(23), 1 packet
Rack1R4#show access-list
Extended IP access list 100
    10 permit tcp host 10.3.3.3 host 10.4.4.4 eq telnet
    20 permit tcp host 10.4.4.4 eq telnet host 10.3.3.3
    30 deny ip any any log (2 matches)
Extended IP access list 123
    10 permit tcp host 10.3.3.3 host 10.4.4.4 eq telnet (6 matches)
Rack1R4#
Victor Cappuccio wrote:
> Hi Azhar try this
> conf ter
> access-list 123 permit tcp any any eq telnet
> end
> debug ip packet 123 detail
>
> Rack1R4(config)#access-list 100 permit tcp host 10.3.3.3 any eq telnet
> Rack1R4(config)#line vty 0
>
> Rack1R4(config-line)#access-class 100 in
> Rack1R4(config-line)#
>
> BB1-TS#3
>
> [Resuming connection 3 to R3 ... ]
>
> Rack1R3#telnet 10.4.4.4 /sou
>
> Rack1R3#telnet 10.4.4.4 /source-interface lo0
> Trying 10.4.4.4 ... Open
>
> Password required, but none set
>
> [Connection to 10.4.4.4 closed by foreign host]
> Rack1R3#
>
> azhar mumtaz wrote:
>> Hi Victor:
>>
>> I tried the access-list that you mentioned, but it did
>> not work. If I configure
>>
>> access-list 100 permit host 3.3.3.3 any eq telnet
>>
>> won't it allow telnet from 3.3.3.3 to any? We want
>> only R1 to telnet to R3 loopback address.
>>
>> Thanks
>> Azhar
This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:59 GMT-3