From: secondie (secondie@gmail.com)
Date: Fri Aug 11 2006 - 19:17:55 ART
For the sake of seeing why extended ACL would not work, I placed a "deny
any any log" on access class and I noticed following in the debug:
Mar 1 00:30:32.391: %SEC-6-IPACCESSLOGP: list vty-in denied tcp
192.168.1.32(2228) -> 0.0.0.0(23), 1 packet
why is the destination changed from 1.1.1.1 "0.0.0.0"
Another question: Seems like access-class out does not work at all. I
tried placing deny any any, but it had no affect
Any ideas ??
**** Config as below:
ip telnet source-interface Loopback0
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.101 255.255.255.0
duplex auto
speed auto
!
ip access-list extended vty-in
permit tcp any host 1.1.1.1 eq telnet log
deny ip any any log
!
line vty 0 4
access-class vty-in in
password a
login
end
-secondie
Victor Cappuccio wrote:
> Hi Guys,
>
> http://www.groupstudy.com/archives/ccielab/200604/msg01295.html
>
> Zero, that does not seems to be working
>
> -----Mensaje original-----
> De: nobody@groupstudy.com [mailto:nobody@groupstudy.com] En nombre de
> ZeroFlash
> Enviado el: Viernes, 11 de Agosto de 2006 04:13 p.m.
> Para: 'Patricia Loreal'; Cisco certification
> Asunto: RE: Telnet to loopback only
>
> I would actually use an extended ACL stating something like this:
>
> Access-list 100 permit tcp any host 150.1.1.1 eq 23
> Access-list 100 permit tcp any host 150.1.2.2 eq 23
> Access-list 100 permit tcp any host 150.1.3.3 eq 23
>
> line vty 0 4
> access-class 100 in
>
> ZeroFlash
> CCIE #16217
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Patricia Loreal
> Sent: Friday, August 11, 2006 4:03 PM
> To: Cisco certification
> Subject: Telnet to loopback only
>
> Dear Team!
>
> Task says: "make telnet to loopback0 access with privilege 15", Easy enough
> but IMO there is a catch here The Loopbacks assigned to routers are:
>
> 150.1.1.1/32
> 150.1.2.2/32
> 150.1.3.3/32
>
> Should I permit all loopback address range at line vty in using a standard
> access-list?
>
> access-list 1 permit 150.1.1.1
> access-list 1 permit 150.1.2.2
> access-list 1 permit 150.1.3.3
>
> line vty 0 4
> access-class 1 in
>
> Opinions about this is highly appreciated
>
> Thanks
> Patricia
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:56 ART