Absolutely. Match all in mqc class, nbar + prefix list. Good stuff.
*Scott Morris*, CCIE/x4/ (R&S/ISP-Dial/Security/Service Provider) #4713,
JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI #21903, JNCI-M, JNCI-ER
swm_at_emanon.com
Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......
Joe Astorino wrote:
> What about using a prefix-list instead : )
>
>
> Regards,
>
> Joe Astorino
> CCIE #24347 (R&S)
> Sr. Support Engineer � IPexpert, Inc.
> URL: http://www.IPexpert.com
>
>
> -----Original Message-----
> From: Splinter <splinter330_at_gmail.com>
>
> Date: Wed, 27 May 2009 20:05:40
> To: <jastorino_at_ipexpert.com>
> Cc: CCIE Groupstudy<ccielab_at_groupstudy.com>
> Subject: Re: Telnet Control
>
>
> Hi all,
>
> sorry did not elaborate on the question,
>
> it should have said that telnet needs to be sourced from the loopback
> interfaces only.
>
> NBAR will drop all telnet traffic and would not work in this regards.
>
> I think that you can only use MQC with acls then.
>
> Splinter
>
> On Wed, May 27, 2009 at 7:58 PM, Joe Astorino <jastorino_at_ipexpert.com>wrote:
>
>
>> Well I certainly agree with Ryan's solution too!
>>
>> Regards,
>>
>> Joe Astorino
>> CCIE #24347 (R&S)
>> Sr. Support Engineer � IPexpert, Inc.
>> URL: http://www.IPexpert.com
>>
>> ------------------------------
>> *From*: Splinter
>> *Date*: Wed, 27 May 2009 19:54:39 +0200
>> *To*: <jastorino_at_ipexpert.com>
>> *Subject*: Re: Telnet Control
>> Sorry Joe,
>>
>> did not mention that you must only allow from certain interfaces.
>>
>> Splinter
>>
>> On Wed, May 27, 2009 at 7:51 PM, Joe Astorino <jastorino_at_ipexpert.com>wrote:
>>
>>
>>> Hmmmmmm "no transport input telnet" for NO connections.
>>>
>>>
>>> ------Original Message------
>>> From: Splinter
>>> Sender: nobody_at_groupstudy.com
>>> To: CCIE Groupstudy
>>> ReplyTo: Splinter
>>> Subject: Telnet Control
>>> Sent: May 27, 2009 1:32 PM
>>>
>>> Hi,
>>>
>>> is there any other way to configure telnet access control without using
>>> acls.
>>>
>>>
>>> i know it can be done with MQC but then you will be using acls to
>>> accomplish
>>> this task.
>>>
>>> any feedback would be great.
>>>
>>> Splinter
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Regards,
>>>
>>> Joe Astorino
>>> CCIE #24347 (R&S)
>>> Sr. Support Engineer � IPexpert, Inc.
>>> URL: http://www.IPexpert.com
>>>
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed May 27 2009 - 14:15:48 ART