router telnet router

chef

how to deny a router telnet to other router in extended?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Project2501

I haven't started ACLs yet but I'm guessing it would be with an acl. You would shutdown port 23.

interface ethernet0
ip access-group 102 in
!
access-list 102 deny tcp any any eq 23
access-list 102 permit ip any any

So "any any" would need to be specified otherwise that example would block all telnet access.

http://www.cisco.com/warp/public/105/ACLsamples.html#denytelnettraffic

http://en.wikipedia.org/wiki/Telnet

astorrs

A couple things, the line: "access-list 102 permit ip any any" is not necessary, it is implied.

As for the original question, from the way you phrased your question you are trying to block access from the router (router1) to another router (router2), in that case you would want to block on the out:

config t
interface ethernet0
(or whatever interface router2 is on)
ip access-group 100 out
exit
access-list 100 deny tcp host router1 host router2 eq 23
(where router1's address is its address on this interface!)
end

EdTheLad

astorrs wrote:

A couple things, the line: "access-list 102 permit ip any any" is not necessary, it is implied.

Not! there is an implicit deny at the end of an access-list

Regarding telnet access, this is usually done on the vty line with a standard access-list.
Using an extended access-list i would imagine the following works,try it out!

access-list 102 deny ip host 10.0.0.1 any
access-list 102 permit ip any any

line vty 0 4
access-class 102 in

with standard access-list as follows:

access-list 10 deny host 10.0.0.1
access-list 10 permit any
!
line vty 0 4
access-class 10 in

astorrs

sigh. I should never respond to posts when I'm tired.

Thanks, that was a 1st year mistake.