You can also use local policy PBR to drop returning telnet packets to
non-loopback IP addresses.
Assuming Loopback addresses are in the scope of 9.1.99.*
R1(config)#access-list 101 deny ip any 9.1.99.0 0.0.0.255
R1(config)#access-list 101 permit tcp any eq 23 any
!
R1(config)#route-map rmDenyTelnet
R1(config-route-map)#match ip address 101
R1(config-route-map)#set interface null 0
!
R1(config)#ip local policy route-map rmDenyTelnet
HTH
Best regards,
Dan
On Wed, May 27, 2009 at 8:32 PM, Splinter <splinter330_at_gmail.com> wrote:
> Hi,
>
> is there any other way to configure telnet access control without using
> acls.
>
>
> i know it can be done with MQC but then you will be using acls to
> accomplish
> this task.
>
> any feedback would be great.
>
> Splinter
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri May 29 2009 - 07:49:07 ART
This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 07:04:43 ART