router telnet router
chef
Member Posts: 3 ■□□□□□□□□□
in CCNA & CCENT
Comments
-
Project2501 Member Posts: 60 ■■□□□□□□□□
I haven't started ACLs yet but I'm guessing it would be with an ACL. You would shut down port 23.
interface ethernet0
ip access-group 102 in
!
access-list 102 deny tcp any any eq 23
access-list 102 permit ip any any
So "any any" would need to be specified, otherwise that example would block all telnet access.
http://www.cisco.com/warp/public/105/ACLsamples.html#denytelnettraffic
http://en.wikipedia.org/wiki/Telnet
- Pete
-
astorrs Member Posts: 3,139 ■■■■■■□□□□
A couple things, the line: "access-list 102 permit ip any any" is not necessary, it is implied.
As for the original question, from the way you phrased your question you are trying to block access from the router (router1) to another router (router2); in that case you would want to block on the out:
config t
interface ethernet0
! (or whatever interface router2 is on)
ip access-group 100 out
exit
access-list 100 deny tcp host router1 host router2 eq 23
! (where router1's address is its address on this interface!)
end
-
EdTheLad Member Posts: 2,111 ■■■■□□□□□□
astorrs wrote: A couple things, the line: "access-list 102 permit ip any any" is not necessary, it is implied.
Not! There is an implicit deny at the end of an access-list.
Regarding telnet access, this is usually done on the vty line with a standard access-list.
Using an extended access-list, I would imagine the following works; try it out!
access-list 102 deny ip host 10.0.0.1 any
access-list 102 permit ip any any
line vty 0 4
access-class 102 in
With a standard access-list, as follows:
access-list 10 deny host 10.0.0.1
access-list 10 permit any
!
line vty 0 4
access-class 10 in
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
-
astorrs Member Posts: 3,139 ■■■■■■□□□□
sigh. I should never respond to posts when I'm tired.
Thanks, that was a 1st year mistake.
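
Added example (not from any poster in this thread): a small Python model of first-match ACL evaluation, run against the access-list 102 entries posted above with and without the final permit line, to show where the implicit deny takes effect. The evaluator, its function names and the 192.0.2.x test addresses are constructed for illustration; it models only `any`, `host x` and `eq port`.

```python
import ipaddress

# Constructed model of IOS extended-ACL matching (not IOS code): entries are
# checked top-down, first match wins, and a packet that matches no entry is
# dropped by the implicit "deny ip any any" that ends every access-list.
IMPLICIT = "implicit deny ip any any"

def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("only 'any' and 'host x' are modelled")

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    src, dst = parse_addr(rest), parse_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, matching entry) for one packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, p, snet, dnet, port = parse_ace(line)
        if p in ("ip", proto) and s in snet and d in dnet and port in (None, dport):
            return action, line
    return "deny", IMPLICIT

# Entries as posted in the thread; the 192.0.2.x addresses are constructed.
ACL_102 = ["access-list 102 deny tcp any any eq 23",
           "access-list 102 permit ip any any"]
ACL_102_NO_PERMIT = ACL_102[:1]
ACL_VTY = ["access-list 102 deny ip host 10.0.0.1 any",
           "access-list 102 permit ip any any"]

if __name__ == "__main__":
    for name, acl in (("with permit", ACL_102), ("without permit", ACL_102_NO_PERMIT)):
        for port in (23, 80):
            print(name, port, evaluate(acl, "tcp", "192.0.2.10", "192.0.2.1", port))
```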