Hi Dan,
That looks like a nice way to do it without having to filter
individual interfaces on the target router R1. I never thought of
that.
However, you still have the ACL, which isn't allowed.
Thanks
Rich
On Thu, May 28, 2009 at 11:49 PM, Danshtr <danshtr_at_gmail.com> wrote:
> You can also use local policy PBR to drop returning telnet packets to
> non-loopback IP addresses.
> Assuming Loopback addresses are in the scope of 9.1.99.*
>
> R1(config)#access-list 101 deny ip any 9.1.99.0 0.0.0.255
> R1(config)#access-list 101 permit tcp any eq 23 any
> !
> R1(config)#route-map rmDenyTelnet
> R1(config-route-map)#match ip address 101
> R1(config-route-map)#set interface null 0
> !
> R1(config)#ip local policy route-map rmDenyTelnet
>
> HTH
>
>
>
> Best regards,
> Dan
>
>
>
> On Wed, May 27, 2009 at 8:32 PM, Splinter <splinter330_at_gmail.com> wrote:
>
>> Hi,
>>
>> Is there any other way to configure telnet access control without using
>> ACLs?
>>
>> I know it can be done with MQC, but then you will be using ACLs to
>> accomplish this task.
>>
>> Any feedback would be great.
>>
>> Splinter
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Received on Fri May 29 2009 - 06:59:14 ART
This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 07:04:43 ART
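
How the local policy in Dan's message treats packets that R1 itself generates, as a small Python model (an added example, not part of the original thread). The R1 and client addresses are constructed, and the route-map is assumed to be the default "permit" clause that IOS creates when no action is given.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str   # "tcp", "udp", "icmp"
    src: str
    sport: int
    dst: str
    dport: int

# access-list 101 from the message: (action, protocol, source port, destination network).
# The source address is "any" in both entries, so it is not modelled.
ACL_101 = [
    ("deny", "ip", None, ipaddress.ip_network("9.1.99.0/24")),
    ("permit", "tcp", 23, ipaddress.ip_network("0.0.0.0/0")),
]

def acl_101(pkt):
    """First-match evaluation with the implicit deny at the end."""
    for action, proto, sport, dst_net in ACL_101:
        if proto != "ip" and proto != pkt.proto:
            continue
        if sport is not None and pkt.sport != sport:
            continue
        if ipaddress.ip_address(pkt.dst) in dst_net:
            return action
    return "deny"

def local_policy(pkt):
    """Fate of an R1-generated packet under 'ip local policy route-map rmDenyTelnet'."""
    # Inside a route-map match, an ACL "deny" means "do not policy-route this
    # packet", so it is forwarded by the routing table rather than dropped.
    if acl_101(pkt) == "permit":
        return "Null0"          # set interface null 0: discarded
    return "routing-table"

# Constructed sample packets, all sourced by R1 (10.1.1.1 is a made-up address).
SAMPLES = {
    "telnet reply to loopback client": Packet("tcp", "10.1.1.1", 23, "9.1.99.5", 40001),
    "telnet reply to other client": Packet("tcp", "10.1.1.1", 23, "172.16.5.9", 40002),
    "outbound telnet from R1": Packet("tcp", "10.1.1.1", 40003, "172.16.5.9", 23),
    "ping from R1": Packet("icmp", "10.1.1.1", 0, "172.16.5.9", 0),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:34} -> {local_policy(pkt)}")
```

Only the telnet reply to a client outside 9.1.99.0/24 ends up on Null0; replies to loopback-sourced sessions and all other router-generated traffic follow normal routing.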