From: Haas, Brad (bhaas@netinfosys.com)
Date: Fri Nov 10 2006 - 01:18:13 ART
This is PBR for traffic that is originated from the router itself...
http://www.cisco.com/univercd/cc/td/doc/product/ong/15304/15304sfw/cindep.htm#xtocid88238
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Kal Han
Sent: Thursday, November 09, 2006 11:01 PM
To: christianus sandjaja
Cc: security@groupstudy.com; ccielab@groupstudy.com
Subject: Re: Denying telnet to port 23 on VTY
Hi
does the "ip local policy" command affect the traffic that's passing through the router? or is it solely for the traffic that's *destined to the router*?
Thanks
Kal
On 11/9/06, christianus sandjaja <netwrangers@yahoo.com> wrote:
>
> Hi
> just try adding this on your router, which is denying telnet. This question also appeared on my ccie sec lab attempt last month
>
> access-list 101 permit tcp any eq telnet any
> route-map telnet permit 10
> match ip address 101
> set interface null 0
>
> ip local policy route-map telnet
>
> then set line vty 0 4 as well
>
> line vty 0 4
> login
> password cisco
> rotary 03
> transport input telnet
>
> I think the main point of this question is you need to blackhole normal telnet using tcp 23.
> After that if you test telnet normally it will not respond, but if you telnet to port 3003 you can log in as normal. CMIIW
> thanks
>
>
> chris
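As an added illustration (not part of the thread, and not Cisco's code), here is a small Python model of how the quoted configuration behaves: `ip local policy` is consulted only for packets the router itself originates, and access-list 101 matches the *source* port 23, so the router's own telnet replies are sent to Null0 while replies from the rotary port 3003 and transit telnet are unaffected. Addresses, ports and packet fields are constructed for the model.

```python
from dataclasses import dataclass

TELNET = 23


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    origin: str  # "local" = generated by the router, "transit" = forwarded


def acl_101(pkt: Packet) -> bool:
    # access-list 101 permit tcp any eq telnet any
    # The "eq telnet" after the source "any" is a SOURCE-port match, so this
    # catches the router's own replies from port 23, not the inbound SYN.
    return pkt.proto == "tcp" and pkt.sport == TELNET


def route_map_telnet(pkt: Packet) -> str:
    # route-map telnet permit 10 / match ip address 101 / set interface Null0
    return "Null0" if acl_101(pkt) else "normal"


def forward(pkt: Packet) -> str:
    """ip local policy: the route-map applies only to router-originated traffic."""
    if pkt.origin == "local":
        return route_map_telnet(pkt)
    return "normal"


# Constructed sample packets (hypothetical addresses)
ROUTER = "10.0.0.1"
CLIENT = "10.0.0.50"
REPLY_TELNET = Packet("tcp", ROUTER, 23, CLIENT, 40000, "local")    # SYN/ACK from vty on 23
REPLY_ROTARY = Packet("tcp", ROUTER, 3003, CLIENT, 40001, "local")  # SYN/ACK from rotary 3
TRANSIT_TELNET = Packet("tcp", CLIENT, 40002, "10.0.1.9", 23, "transit")

if __name__ == "__main__":
    for p in (REPLY_TELNET, REPLY_ROTARY, TRANSIT_TELNET):
        print(f"{p.origin:8} {p.src}:{p.sport} -> {p.dst}:{p.dport}: {forward(p)}")
```

The blackholed reply is why a plain telnet to the router hangs rather than being refused, and why a transit telnet flow through the router still works.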
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:46 ART