From: Jason Guy (jguy) (jguy@cisco.com)
Date: Mon Sep 24 2007 - 19:34:04 ART
I have a fairly basic question related to the mechanics of the VTY
lines. While looking at the VTY line access-class output, I noticed it
always sees the telnet destination as 0.0.0.0, as seen in the access log
below:
*Sep 24 22:07:22.565: %SEC-6-IPACCESSLOGP: list 100 denied tcp
155.1.0.5(11359) -> 0.0.0.0(23), 1 packet
Why does the router see the destination of the packet as zeros? I
think it sort of makes sense, but not really. It is saying, "This
packet tried to connect to MY line", where MY = 0.0.0.0. When I think
about the operation of the ACL, I think it should still be logging the
source/destination as it would appear in the telnet packet entering the
router. Is the packet actually being altered?
If I put the same ACL inbound on the interface it shows the drop like
this:
*Sep 24 22:14:18.901: %SEC-6-IPACCESSLOGP: list 100 denied tcp
155.1.0.5(45098) -> 155.1.0.4(23), 1 packet
Does the router see the telnet packet, destined to itself, strip out the
destination to route it to the VTYs with a source of 0.0.0.0? Just
curious what operations are taking place. I assume the packet is not
altered, and the access-class just doesn't care specifically which
interface the packet was destined for.
Thanks,
Jason
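As an added illustration (not part of the original post or any Cisco tooling), the following parser reads IOS %SEC-6-IPACCESSLOGP lines like the two quoted above and uses the difference the post points out, the 0.0.0.0 destination on an access-class deny versus the real interface address on an interface ACL deny, to report where each denied connection attempt was stopped. The sample log lines are constructed from the post's own entries, and the "via_access_class" classification is an assumption built only on that observed difference.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Matches the IOS ACL log format quoted in the post, e.g.
# "%SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.0.5(11359) -> 0.0.0.0(23), 1 packet"
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


@dataclass
class AclHit:
    acl: str
    action: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    count: int

    @property
    def via_access_class(self) -> bool:
        # Assumption taken from the post: a VTY access-class deny logs the
        # destination as 0.0.0.0, while the same ACL applied inbound on an
        # interface logs the interface's real address.
        return self.dst == "0.0.0.0"


def parse_line(line: str) -> Optional[AclHit]:
    """Return the parsed hit, or None for lines that are not ACL log entries."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return AclHit(m["acl"], m["action"], m["proto"], m["src"], int(m["sport"]),
                  m["dst"], int(m["dport"]), int(m["count"]))


def summarize(lines: List[str]) -> Dict[Tuple[str, str, int], int]:
    """Sum denied packets per (source, checkpoint, destination port)."""
    totals: Dict[Tuple[str, str, int], int] = {}
    for line in lines:
        hit = parse_line(line)
        if hit is None or hit.action != "denied":
            continue  # skip permits and unrelated syslog lines
        where = "vty access-class" if hit.via_access_class else f"interface {hit.dst}"
        key = (hit.src, where, hit.dport)
        totals[key] = totals.get(key, 0) + hit.count
    return totals


# Constructed sample: the two entries from the post plus one unrelated line.
SAMPLE = [
    "*Sep 24 22:07:22.565: %SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.0.5(11359) -> 0.0.0.0(23), 1 packet",
    "*Sep 24 22:14:18.901: %SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.0.5(45098) -> 155.1.0.4(23), 1 packet",
    "*Sep 24 22:15:00.000: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for (src, where, port), n in summarize(SAMPLE).items():
        print(f"{src} -> port {port} denied at {where}: {n} packet(s)")
```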
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:15 ART