program routersim Netviz 4.0 and ACL list.
99none
Member Posts: 1 ■□□□□□□□□□
in CCNA & CCENT
Hi,
- I am trying the program Netviz 4.0, updated to version 4.0.12, to make a lab.
- I wrote an ACL to prevent telnet access to router1.
- Configuration:
..........................................................
hostname router1
!
interface FastEthernet0/0
ip address 192.168.149.1 255.255.255.0
no ip directed-broadcast
ip access-group 110 in
!
interface Serial0/0
ip address 192.168.199.1 255.255.255.0
no ip directed-broadcast
ip access-group 110 in
clockrate 64000
!
access-list 110 deny tcp any host 192.168.149.1 eq telnet
access-list 110 deny tcp any host 192.168.199.1 eq telnet
access-list 110 permit ip any any
.............................................................
PC host1 connects to router1 on fe0/0.
- But telnet from PC Host1 to the address of router1 is working, and ping from this workstation is not working.
- Maybe I made a mistake in my configuration.
Comments
Miek Member Posts: 47 ■■□□□□□□□□
To prevent telnet access on a router from a specific host or a network you should use an access-class and not an access-group.
This means you're going to apply your ACL to the line vty and not to an interface.
Try this:
router(config)#access-list 1 deny any
-> to block all traffic
router(config)#line vty 0 4
router(config-line)#access-class 1 in
-> you're going to use a standard ACL because you only have to specify the network the traffic is coming from. You're going to apply it on the line vty and this one can only accept telnet traffic.
Hope this will work
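
An added example, not part of either post: a small first-match evaluator with the implicit deny at the end, run over the access-list lines quoted in this thread, to show what ACL 110 and ACL 1 match. It handles only the syntax forms that appear above (`any`, `host A.B.C.D`, `eq <port>`); the host1 address and the transit destination are constructed, since the thread gives neither.

```python
# Added example: first-match evaluation of the access-list lines quoted above.
# Handles only the forms used in the thread: any, host A.B.C.D, eq <port>.
PORTS = {"telnet": 23}

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tok.pop(0)
    return "any" if word == "any" else tok.pop(0)

def parse_ace(line):
    tok = line.split()[1:]                      # drop 'access-list'
    number, action = int(tok.pop(0)), tok.pop(0)
    if number < 100:                            # standard ACL (1-99): source only
        return dict(action=action, proto="ip", src=_addr(tok), dst="any", port=None)
    proto, src, dst = tok.pop(0), _addr(tok), _addr(tok)
    port = None
    if tok and tok[0] == "eq":                  # named or numeric destination port
        port = PORTS.get(tok[1]) or int(tok[1])
    return dict(action=action, proto=proto, src=src, dst=dst, port=port)

def matches(ace, pkt):
    return (ace["proto"] in ("ip", pkt["proto"])
            and ace["src"] in ("any", pkt["src"])
            and ace["dst"] in ("any", pkt["dst"])
            and ace["port"] in (None, pkt.get("dport")))

def evaluate(acl_lines, pkt):
    """Return the action of the first matching entry; implicit deny otherwise."""
    for line in acl_lines:
        ace = parse_ace(line)
        if matches(ace, pkt):
            return ace["action"]
    return "deny"

ACL_110 = [
    "access-list 110 deny tcp any host 192.168.149.1 eq telnet",
    "access-list 110 deny tcp any host 192.168.199.1 eq telnet",
    "access-list 110 permit ip any any",
]
ACL_1 = ["access-list 1 deny any"]              # used with 'access-class 1 in'

HOST1 = "192.168.149.10"                        # constructed; not given in the thread
telnet = dict(proto="tcp", src=HOST1, dst="192.168.149.1", dport=23)
ping = dict(proto="icmp", src=HOST1, dst="192.168.149.1")
transit = dict(proto="tcp", src=HOST1, dst="192.168.199.2", dport=23)  # constructed

if __name__ == "__main__":
    for name, pkt in (("telnet", telnet), ("ping", ping), ("transit telnet", transit)):
        print(f"ACL 110 in: {name:15} -> {evaluate(ACL_110, pkt)}")
    print("access-class 1 in: telnet ->", evaluate(ACL_1, telnet))
```

Under these rules ACL 110 denies telnet addressed to 192.168.149.1 and permits ping, while telnet passing through to another address is still permitted. ACL 1 applied with access-class looks only at the source, so it denies every vty session regardless of which router address was targeted.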