From: Aaron Pilcher (apilcher@itgcs.com)
Date: Sun Oct 29 2006 - 10:23:48 ART
When a standard access-list is applied to a vty line and multiple transports
are enabled (* see below), it will allow those devices to connect via all
mediums. For example, SSH and Telnet would be allowed. However, if you use
an extended access-list (eq telnet, or eq ssh), only the permitted would be
allowed.

To note something, if you change the ACL while you are in a session via the
vty, it will not affect the current session, only new ones.
* Rack1R4(config-line)#transport input ?
  all      All protocols
  lapb-ta  LAPB Terminal Adapter
  lat      DEC LAT protocol
  mop      DEC MOP Remote Console Protocol
  none     No protocols
  pad      X.3 PAD
  rlogin   Unix rlogin protocol
  ssh      TCP/IP SSH protocol
  telnet   TCP/IP Telnet protocol
  udptn    UDPTN async via UDP protocol
  v120     Async over ISDN
-aaron
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Michael Zuo
Sent: Saturday, October 28, 2006 10:54 PM
To: ccielab@groupstudy.com
Subject: access-class applied to VTY
Hi Group,
If an access list is applied to the vty lines, does the access-list
check only telnet traffic? I.e., the following will always fail?
Access-list 100 permit tcp any any neq telnet
Thanks in advance...
This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:07 ART
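
The two cases described in the reply above, written out as an IOS configuration. This is an added example, not part of the original thread; the 192.0.2.0/24 management subnet, the ACL numbers 10 and 100, and the vty range 0 4 are assumptions.

```cisco
! Constructed example. 192.0.2.0/24 is a documentation range standing in
! for a management subnet; ACL numbers and the vty range are arbitrary.
!
! Case 1: standard ACL on the vty.
! A standard ACL matches the source address only, so a permitted host can
! use every transport enabled on the line (here both Telnet and SSH).
access-list 10 permit 192.0.2.0 0.0.0.255
!
line vty 0 4
 transport input telnet ssh
 access-class 10 in
!
! Case 2: extended ACL on the vty, SSH only.
! The extended ACL also matches the TCP destination port, so only SSH
! (TCP/22) from the management subnet is accepted. The explicit deny with
! "log" records rejected attempts that the implicit deny would drop silently.
access-list 100 permit tcp 192.0.2.0 0.0.0.255 any eq 22
access-list 100 deny ip any any log
!
line vty 0 4
 transport input ssh
 access-class 100 in
!
! Restricting "transport input" to ssh closes Telnet on the line even if
! the ACL is later replaced with a standard one.
!
! Following the reply's description, the ACL from the question
! (permit tcp any any neq telnet) used as an extended access-class would
! admit SSH and leave Telnet to the implicit deny.
!
! Per the reply, an ACL change applies to new vty sessions only. After
! tightening the ACL, check who is still connected and the match counters:
!   show users
!   show access-lists 100
```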