ACL help
RS6
Member Posts: 7
in CCNA & CCENT
I have a question on a practice exam. Creating a standard access list to allow telnet from a specific computer... that right there is throwing me off. If you are only denying/permitting telnet traffic, how can you specify that with a standard ACL? The example states that after you create the named list, Permit host x.x.x.x. Again, that's stopping all traffic. Nothing is specifying telnet traffic. Please help. Thanks in advance.
Comments
-
NEODREAM Member Posts: 124
Well, a standard ACL can only permit/deny based on the traffic source (think whitelist/blacklist). So a permit host x.x.x.x is permitting all traffic sourcing from host x.x.x.x, which includes all traffic types (tcp/udp/icmp).
An extended ACL is more granular in specifying source/target/traffic types.
-
RS6 Member Posts: 7
Completely agree, but how does a standard ACL deny/permit only telnet traffic?
-
NEODREAM Member Posts: 124
I don't believe you can with a standard ACL. Not too sure why the practice exam would be asking you to restrict traffic over a specific protocol without the use of an extended ACL.
-
RS6 Member Posts: 7
All I want to hear.
On Router1, issue the following commands to configure a standard ACL named Router1_ADMIN:
Router1#configure terminal
Router1(config)#ip access-list standard Router1_ADMIN
On Router1, issue the following command to add an ACL statement that allows Telnet traffic from PC3 (10.10.0.3):
Router1(config-std-nacl)#permit host 10.10.0.3
-
Welly_59 Member Posts: 431
Apply the standard ACL to a vty line
SUMMARY STEPS
1. enable
2. configure terminal
3. access-list access-list-number deny {source [source-wildcard] | any} [log]
4. access-list access-list-number permit {source [source-wildcard] | any} [log]
5. line vty line-number [ending-line-number]
6. access-class access-list-number in [vrf-also]
7. exit
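
Added example (not part of any post in this thread and not the practice exam's own text): the named standard ACL from the exam steps bound to the vty lines with access-class, which is how a source-only ACL ends up restricting remote logins rather than all traffic. The ACL name and host address are from the thread; the vty range 0 4 and the logged deny are assumptions.

```cisco
! Added example. Router1_ADMIN and 10.10.0.3 come from the exam text
! quoted in the thread; the vty range 0 4 and "deny any log" are assumptions.
configure terminal
!
! Standard ACL: matches on source address only, no protocol or port.
ip access-list standard Router1_ADMIN
 permit host 10.10.0.3
 ! The implicit deny would drop other sources silently; an explicit
 ! deny with log records rejected connection attempts.
 deny any log
 exit
!
! Bound to an interface with ip access-group, this list would filter every
! packet by source. Bound to the vty lines with access-class, it only
! controls which sources may open a remote terminal session to Router1.
line vty 0 4
 access-class Router1_ADMIN in
 end
!
! Verify the entries, their match counters, and the vty binding.
show access-lists Router1_ADMIN
show running-config | section line vty
```

The ACL applies to every vty line in the configured range, so any line left out of the range stays unfiltered.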