Restrictive Access-Lists

From: deji500@hotmail.com
Date: Thu Apr 26 2007 - 16:41:34 ART


Hi GS,
I cannot seem to use a restrictive access-list to restrict access to a router's vty lines. I want to be able to restrict access to only one interface on the router from selected interfaces on selected routers, using either SSH or Telnet. For example, I want to allow access to R1's loopback interface from R3 and R6, but not from any interface on R2, R4, or R5.

Example using just the loopback of R3:
ip access-list extended TELNET
 permit ip host 150.1.3.3 host 150.1.1.1 log (does not match)
 permit tcp host 150.1.3.3 host 150.1.1.1 eq telnet log (does not match)
 permit tcp host 150.1.3.3 any log (this is matched)

Is it the IOS on my routers (12.3)? Or does the access-class command on the vty lines not like restrictive ACLs? The DocCD uses just a standard ACL, or is it just not possible?

Thanks for your help
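The following is an added configuration example, not from the original post, showing one way to build the restriction described above (R3 and R6 may reach R1 only on its loopback, only with Telnet or SSH). It assumes R6's loopback is 150.1.6.6, that R1's transit interfaces are FastEthernet0/0 and Serial0/0, and that everything else should pass through R1 untouched; all of those are assumptions. The poster's own test shows that on their 12.3 image the destination host in an access-class ACL does not match (only "any" matched), so the example does not rely on it: the vty access-class restricts the source and the TCP port, and an inbound interface ACL on each transit interface restricts which of R1's own addresses may be used as a management destination.

```cisco
! --- Part 1: who may open a session at all (checked on the vty lines) ---
! Destination is left as "any" on purpose: on this 12.3 image a specific
! destination host in an access-class ACL did not match (see the post above).
ip access-list extended VTY-MGMT
 remark R3 loopback, SSH and Telnet only
 permit tcp host 150.1.3.3 any eq 22 log
 permit tcp host 150.1.3.3 any eq telnet log
 remark R6 loopback (150.1.6.6 is an assumed address)
 permit tcp host 150.1.6.6 any eq 22 log
 permit tcp host 150.1.6.6 any eq telnet log
 deny   ip any any log
!
line vty 0 4
 access-class VTY-MGMT in
 transport input telnet ssh
!
! --- Part 2: which of R1's addresses may be used as the target ---
! Interface ACLs do match the destination, so management traffic is only
! allowed when it is addressed to the loopback (150.1.1.1); SSH/Telnet to any
! other address on R1 is dropped, and all other traffic (transit, routing
! protocols, etc.) is permitted so the ACL does not break forwarding.
ip access-list extended MGMT-TO-LOOPBACK-ONLY
 permit tcp host 150.1.3.3 host 150.1.1.1 eq 22
 permit tcp host 150.1.3.3 host 150.1.1.1 eq telnet
 permit tcp host 150.1.6.6 host 150.1.1.1 eq 22
 permit tcp host 150.1.6.6 host 150.1.1.1 eq telnet
 deny   tcp any any eq 22 log
 deny   tcp any any eq telnet log
 permit ip any any
!
! Interface names are assumed; apply the same ACL on every transit interface.
interface FastEthernet0/0
 ip access-group MGMT-TO-LOOPBACK-ONLY in
!
interface Serial0/0
 ip access-group MGMT-TO-LOOPBACK-ONLY in
```

With both parts in place, R2, R4 and R5 are rejected by the vty access-class regardless of which address they target, and R3/R6 sessions aimed at a physical interface address of R1 are dropped at the ingress interface before they reach the vty. Check the result with "show ip access-lists" (the log keyword and hit counters show which line matched) and "show line vty 0 4" to confirm the access-class is bound; if SSH is in use, "ip ssh" must already be configured with a host key for transport input ssh to accept sessions.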



This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:38 ART