Re: Denying telnet to port 23 on VTY

From: Kal Han (calikali2006@gmail.com)
Date: Fri Nov 10 2006 - 01:00:35 ART

• Next message: Haas, Brad: "RE: Denying telnet to port 23 on VTY"
• Previous message: Adhu Ajit: "VLAN span question"
• Maybe in reply to: secondie: "Denying telnet to port 23 on VTY"
• Next in thread: Haas, Brad: "RE: Denying telnet to port 23 on VTY"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi
does the "ip local policy" command affect the traffic
thats passing thru the router ? or is it solely for
the traffic thats *destined to the router* ?

Thanks
Kal

On 11/9/06, christianus sandjaja <netwrangers@yahoo.com> wrote:
>
> Hi
> just try add this on your router which denying telnet. This question also
> appears on my ccie sec lab attempt last month
>
> access-list 101 permit tcp any
> eq telnet any
> route-map telnet permit 10
> match ip address 101
> set interface
> null 0
>
> ip local policy route-map telnet
>
> then set line vty 0 4 as well
>
> line
> vty 0 4
> login
> password cisco
> rotary 03
> transport input telnet
>
> I think
> the
> main point of this questions is you need to blackhole normal telnet using
> tcp
> 23.
> After that if you test telnet normally it will not response but if you
> telnet to port 3003 you can login as normally.CMIIW
> thanks
>
>
> chris

• Next message: Haas, Brad: "RE: Denying telnet to port 23 on VTY"
• Previous message: Adhu Ajit: "VLAN span question"
• Maybe in reply to: secondie: "Denying telnet to port 23 on VTY"
• Next in thread: Haas, Brad: "RE: Denying telnet to port 23 on VTY"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:46 ART