
ACL help

RS6 Member Posts: 7
I have a question on a practice exam. Creating a standard access list to allow telnet from a specific computer... that right there is throwing me off. If you are only denying/permitting telnet traffic, how can you specify that with a standard ACL? The example states that after you create the named list, permit host x.x.x.x. Again, that's stopping all traffic. Nothing is specifying telnet traffic. Please help. Thanks in advance.

Comments

  • NEODREAM Member Posts: 124
    Well, a standard ACL can only permit/deny based on the traffic source (think whitelist/blacklist). So a permit host x.x.x.x is permitting all traffic sourcing from host x.x.x.x, which includes all traffic types (tcp/udp/icmp).

    An extended ACL is more granular in specifying source/target/traffic types.
    Goal: eJPT Mar. 2020 | GDAT May 2020 | eCPPT Dec. 2020
  • RS6 Member Posts: 7
    Completely agree but how does a standard ACL deny/permit only telnet traffic?
  • NEODREAM Member Posts: 124
    I don't believe you can with a standard ACL. Not too sure why the practice exam would be asking you to restrict traffic over a specific protocol without the use of an extended ACL.
    Goal: eJPT Mar. 2020 | GDAT May 2020 | eCPPT Dec. 2020
  • RS6 Member Posts: 7
    all I want to hear.

    On Router1, issue the following commands to configure a standard ACL named Router1_ADMIN:

    Router1#configure terminal
    Router1(config)#ip access-list standard Router1_ADMIN

    On Router1, issue the following command to add an ACL statement that allows Telnet traffic from PC3 (10.10.0.3):

    Router1(config-std-nacl)#permit host 10.10.0.3
  • Welly_59 Member Posts: 431
    Apply the standard ACL to a vty line

    SUMMARY STEPS
    1. enable

    2. configure terminal

    3. access-list access-list-number deny {source [source-wildcard] | any} [log]

    4. access-list access-list-number permit {source [source-wildcard] | any} [log]

    5. line vty line-number [ending-line-number]

    6. access-class access-list-number in [vrf-also]

    7. exit
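The approach from the thread put together, as an added example that is not part of any post above: the named standard ACL matches only the source address, and binding it to the vty lines with access-class is what limits it to remote logins rather than to all traffic through the router. The vty range 0 4 and the extended ACL name Router1_TELNET are assumptions for illustration.

```cisco
! Standard ACL: matches on source address only, no protocol or port.
! The implicit "deny any" at the end refuses every other source.
ip access-list standard Router1_ADMIN
 permit host 10.10.0.3
!
! Applied to the vty lines, the ACL filters only incoming remote
! sessions to the router itself, so transit traffic is unaffected.
! (vty range 0 4 is an assumption)
line vty 0 4
 access-class Router1_ADMIN in
 transport input telnet
!
! For comparison, an extended ACL names the protocol and port in the
! entry itself and would be applied to an interface with
! "ip access-group" (name Router1_TELNET is hypothetical).
ip access-list extended Router1_TELNET
 permit tcp host 10.10.0.3 any eq telnet
```

Running `show access-lists Router1_ADMIN` after a login attempt shows the match counter on the permit entry.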