Re: telnet reply address

From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Tue Sep 25 2007 - 05:22:08 ART


Hi Jason,

An interesting one.

I think it is something along the lines of the VTY line not actually having an
IP address and the specifics of access-class. It's an access-class used as
opposed to an access-group on an interface. Similar things appear in this
link covering ppp troubleshooting way back in 2000 on freebsd list.

http://people.freebsd.org/~hm/i4b/node62.html

In this example you get 0.0.0.0 for the telnet address until address
negotiation and assignment takes place with a remote end. In the case of the
VTY line on your router this never happens.

(sic)
This address assignment taking place is also the reason for the first telnet
connection failing with the error message ``Can't assign requested
address'': this telnet connection uses the address 0.0.0.0 as its
destination address, because the address negotiation and assignment has not
yet taken place and 0.0.0.0 is an illegal address in such packets. After the
address assignment has taken place, the second telnet succeeds connecting to
the remote system.

Regards

Gary

----- Original Message -----
From: "Jason Guy (jguy)" <jguy@cisco.com>
To: <ccielab@groupstudy.com>
Sent: Monday, September 24, 2007 11:34 PM
Subject: telnet reply address

>I have a fairly basic question related to the mechanics of the VTY
> lines. While looking at the VTY line access-class output, I noticed it
> always sees the telnet destination as 0.0.0.0, as seen in the access log
> below:
>
>
>
> *Sep 24 22:07:22.565: %SEC-6-IPACCESSLOGP: list 100 denied tcp
> 155.1.0.5(11359) -> 0.0.0.0(23), 1 packet
>
>
>
> Why does the router see the destination of the packet as zeros? I
> think it sort of makes sense, but not really. It is saying, "This
> packet tried to connect to MY line", where MY = 0.0.0.0. When I think
> about the operation of the ACL, I think it should still be logging the
> source/destination as it would appear in the telnet packet entering the
> router. Is the packet actually being altered?
>
>
>
> If I put the same ACL inbound on the interface it shows the drop like
> this:
> *Sep 24 22:14:18.901: %SEC-6-IPACCESSLOGP: list 100 denied tcp
> 155.1.0.5(45098) -> 155.1.0.4(23), 1 packet
>
>
>
> Does the router see the telnet packet, destined to itself, strip out the
> destination to route it to the VTY's with a source of 0.0.0.0? Just
> curious what operations are taking place. I assume the packet is not
> altered, and the access-class just doesn't care specifically which
> interface the packet was destined for.
>
>
>
> Thanks,
>
> Jason
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
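As an added example (not part of either message above, and not Cisco code), the script below parses %SEC-6-IPACCESSLOGP lines of the two shapes quoted in this thread and uses the observation discussed here, that an access-class deny on a VTY line is logged with destination 0.0.0.0 while an inbound access-group deny carries the real interface address, to label each entry and total denied packets per source. The sample log lines are constructed for the example, modelled on the two entries Jason posted; the 0.0.0.0 labelling is a heuristic taken from this thread, not a documented IOS contract.

```python
import re
from collections import Counter

# Constructed sample log, modelled on the two entries quoted in the thread.
# Line 1 and 4: denies from the VTY access-class (destination shows 0.0.0.0).
# Line 2 and 3: entries from the same ACL applied inbound on an interface.
# Line 5: an unrelated syslog line the parser must ignore.
SAMPLE_LOG = """\
*Sep 24 22:07:22.565: %SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.0.5(11359) -> 0.0.0.0(23), 1 packet
*Sep 24 22:14:18.901: %SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.0.5(45098) -> 155.1.0.4(23), 1 packet
*Sep 24 22:15:03.120: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 155.1.0.7(51022) -> 155.1.0.4(23), 1 packet
*Sep 24 22:16:44.007: %SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.0.5(11402) -> 0.0.0.0(23), 3 packets
*Sep 24 22:17:01.900: %SYS-5-CONFIG_I: Configured from console by console
"""

# Matches "list <acl> <action> <proto> <src>(<sport>) -> <dst>(<dport>), <n> packet(s)"
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)


def parse_line(line):
    """Return a dict for one IPACCESSLOGP entry, or None for any other line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    # Heuristic from the thread: access-class hits on a VTY line are logged
    # with destination 0.0.0.0, because the line itself has no IP address;
    # an access-group on an interface logs the packet's real destination.
    if rec["dst"] == "0.0.0.0":
        rec["scope"] = "vty-access-class"
    else:
        rec["scope"] = "interface-access-group"
    return rec


def parse_log(text):
    """Parse every line of a syslog capture, skipping non-ACL entries."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def denied_packets_by_source(records):
    """Total denied packets per (source address, scope)."""
    totals = Counter()
    for r in records:
        if r["action"] == "denied":
            totals[(r["src"], r["scope"])] += r["count"]
    return totals


def noisy_vty_sources(records, threshold):
    """Sources whose denied VTY (access-class) packet count reaches threshold.

    Useful as a simple review list: repeated access-class denies from one
    host are worth a look regardless of which interface the packets hit.
    """
    totals = denied_packets_by_source(records)
    return sorted(
        src for (src, scope), n in totals.items()
        if scope == "vty-access-class" and n >= threshold
    )


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in recs:
        print(f"{r['acl']:>4} {r['action']:<9} {r['src']} -> {r['dst']}:{r['dport']} "
              f"x{r['count']} [{r['scope']}]")
    print("denied totals:", dict(denied_packets_by_source(recs)))
    print("noisy VTY sources:", noisy_vty_sources(recs, threshold=2))
```

Because the access-class entry never shows which interface the packet arrived on, correlating it with an interface-level log (the second entry shape above) is the only way to recover that detail from the log alone; the parser keeps both shapes so that correlation can be done on the source address and port.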



This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:15 ART