ACL help

RS6RS6 Member Posts: 7 ■□□□□□□□□□
I have question on a practice exam. Creating a standard access list to allow telnet from a specific computer....... that right there is throwing me off. If are only deny/permitting telnet traffic, how can you specify with a standard ACL. The example states that after you create the named list, Permit host x.x.x.x . Again that's stopping all traffic. Nothing is specifying telnet traffic. please help. thanks in advance


  • NEODREAMNEODREAM Member Posts: 124 ■■■□□□□□□□
    Well a standard ACL can only permit/deny based on the traffic source (think whitelist/blacklist). So a permit host x.x.x.x is permitting all traffic sourcing from host x.x.x.x which includes all traffic types (tcp/udp/icmp).

    An extended ACL is more granular is specifying source/target/traffic types.
    Goal: eJPT Mar. 2020 | GDAT May 2020 | eCPPT Dec. 2020
  • RS6RS6 Member Posts: 7 ■□□□□□□□□□
    Completely agree but how does a standard ACL deny/permit only telnet traffic?
  • NEODREAMNEODREAM Member Posts: 124 ■■■□□□□□□□
    I don't believe you can with a standard ACL. Not too sure why the practice exam would be asking you do restrict traffic over a specific protocol without the use of an extended ACL.
    Goal: eJPT Mar. 2020 | GDAT May 2020 | eCPPT Dec. 2020
  • RS6RS6 Member Posts: 7 ■□□□□□□□□□
    all I want to hear.

    On Router1, issue the following commands to configure a standard ACL named Router1_ADMIN:

    Router1#configure terminal Router1(config)#ip access-list standard Router1_ADMIN

    On Router1, issue the following command to add an ACL statement that allows Telnet traffic from PC3 (

    Router1(config-std-nacl)#permit host
  • Welly_59Welly_59 Member Posts: 431
    Apply the standard ACL to a vty line

    1. enable

    2. configure terminal

    3. access-list access-list-number deny {source [source-wildcard] | any} [log]

    4. access-list access-list-number permit {source [source-wildcard] | any}[log]

    5. line vty line-number [ending-line-number]

    6. access-class access-list-number in [vrf-also]

    7. exit
Sign In or Register to comment.