About Telnet access list "?"
chef
Member Posts: 3
in CCNA & CCENT
Router 3 "EVA"
ser1/0 ip = 172.2.8.2
up
f0/0 ip = 172.2.10.1
up
access-list:
access-list 100 permit tcp host BOAZ host EVA eq telnet
access-list 100 permit tcp host 172.2.2.1 host 172.2.8.2 eq telnet
access-list 100 permit tcp host 172.2.2.1 host 172.2.10.1 eq telnet
access-list 100 permit tcp host 172.2.4.1 host 172.2.8.2 eq telnet
access-list 100 permit tcp host 172.2.4.1 host 172.2.10.1 eq telnet
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
int ser 1/0
ip access-group 100 in
int f0/0
ip access-group 100 in
exit
Router 1 = "Boaz"
ser1/0 = 172.2.4.1
up
f0/0 = 172.2.2.1
up
ip host name EVA 172.2.8.2 172.2.10.1
*************************************************
When I try to telnet to EVA 172.2.8.2 it dies,
but 172.2.10.1 is OK.
Why?
I can't find what's wrong.
Comments
-
chef Member Posts: 3
EVA#sh ip int b
Interface        IP-Address   OK?  Method  Status  Protocol
FastEthernet0/0  172.2.10.1   YES  manual  up      up
Serial1/0        172.2.8.2    YES  SLARP   up      up
******************************************************
Why was "SLARP" set there? I didn't change it to "SLARP", why?
Can anyone help me!
-
kryolla Member Posts: 785
Apply the access list on the vty lines, not the physical interface, if you are trying to telnet to a router. Put it on the physical interface if you want to deny telnet to downstream hosts such as a server. Can you ping 172.2.8.2? Also, are both fa ints connected together and both serial ints connected together? Also do a sh access-list and see what portion of the access list log increments when you telnet.
Studying for CCIE and drinking Home Brew
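As an added illustration of the sh access-list check suggested above (not code from the thread): a small Python model of first-match evaluation over ACL 100 as posted, reporting which entry a given inbound packet would hit. The hostname entry is omitted, and the sample packets, including the 172.2.6.9 source, are constructed.

```python
import ipaddress
# ACL 100 as posted in the thread. The "host BOAZ host EVA" entry is omitted
# here because the name-to-address resolution on EVA is not shown.
ACL_100 = """\
access-list 100 permit tcp host 172.2.2.1 host 172.2.8.2 eq telnet
access-list 100 permit tcp host 172.2.2.1 host 172.2.10.1 eq telnet
access-list 100 permit tcp host 172.2.4.1 host 172.2.8.2 eq telnet
access-list 100 permit tcp host 172.2.4.1 host 172.2.10.1 eq telnet
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
"""
PORTS = {"telnet": 23}

def _addr(tokens):
    # Consume "any" or "host A.B.C.D" from the token list.
    if tokens.pop(0) == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(tokens.pop(0) + "/32")

def parse(acl_text):
    rules = []
    for line in acl_text.strip().splitlines():
        t = line.split()[2:]                      # drop "access-list 100"
        action, proto = t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)
        port = PORTS[t[1]] if t[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, line))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First match wins, as on IOS; no match falls to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port, line in rules:
        if r_proto in ("ip", proto) and s in r_src and d in r_dst and r_port in (None, dport):
            return action, line
    return "deny", "(implicit deny)"

def hit_counts(rules, packets):
    # Per-entry match counts, the figure "sh access-list" reports on the router.
    counts = {}
    for pkt in packets:
        line = evaluate(rules, *pkt)[1]
        counts[line] = counts.get(line, 0) + 1
    return counts

# Constructed inbound packets at EVA: (protocol, source, destination, dest port).
PACKETS = [("tcp", "172.2.4.1", "172.2.8.2", 23), ("tcp", "172.2.2.1", "172.2.10.1", 23),
           ("tcp", "172.2.6.9", "172.2.8.2", 23), ("tcp", "172.2.6.9", "172.2.8.2", 80)]
RULES = parse(ACL_100)
print(hit_counts(RULES, PACKETS))
```

If the entry the model predicts shows no increase on the router after a telnet attempt, the packets are not reaching that interface with the expected source address, which points at connectivity or addressing rather than the ACL.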
-
lildeezul Member Posts: 404
You can also just create a standard access list for telnet,
such as
access-list 1 deny 1.1.1.1 0.0.0.0
access-list 1 permit any
then apply it to the VTY lines.
ex:
(config)# line vty 0 4
(config-line)# access-class 1 in
NHSCA National All-American Wrestler 135lb