RE: RE : Telnet established posted 09/15/2001
- Subject: RE: RE : Telnet established
- From: "Tony Brown" <tbrown@xxxxxxxxxxx>
- Date: Sat, 15 Sep 2001 17:14:30 +0100
Have you considered applying an access list to the vty?
! standard ACLs take a wildcard mask: 0.0.0.0 matches this single host
access-list 1 deny 10.10.10.2 0.0.0.0
access-list 1 permit any
line 1 5
access-class 1 in
From: Olivier Martin [mailto:omartin@xxxxxxxx]
Sent: Saturday, September 15, 2001 3:46 PM
To: 'CCIE Cisco'; ccielab@xxxxxxxxxxxxxx
Subject: RE : Telnet established
You should apply the following access-list on R1 Serial 0 (in)
access-list 100 permit tcp any eq telnet any
access-list 100 deny ip any any
interface Serial0
 ip access-group 100 in
This way, established telnet traffic, coming from TCP port 23 on R2
allowed to cross the link and make its way through R1.
Nothing special on R1 has to be done to allow it to telnet out.. If you
to restrict the traffic only to telnet outbound on R1 (this will prevent
routing updates.. Depending on how you write your access-lists).
access-list 101 permit tcp any any eq 23
access-list 101 deny ip any any
interface Serial0
 ip access-group 101 out
The traffic directed outbound serial0 will be evaluated against the 101
This should work..
From: CCIE Cisco [mailto:c_ccie@xxxxxxxxxxx]
Sent: September 15, 2001 08:36
To: ccielab@xxxxxxxxxxxxxx
Subject: Telnet established
I am having R1 and R2 connected on serial link.
I am at R1 and I want to telnet to R2 but I don't want to allow R2 to
Can anyone suggest an access-list and where to apply it (serial in/out)?
Thanks in advance
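
The inbound filter suggested in this thread (access-list 100), modelled as first-match evaluation in Python; this is an added example, not part of the original messages. The packets are constructed samples, the RIP update stands in for "routing updates", and the second list assumes the IOS `established` keyword (match only TCP segments with ACK or RST set) is appended to the permit line.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int
    dport: int
    flags: frozenset = frozenset()  # TCP flags only

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every protocol
    sport: Optional[int] = None     # None means "any"
    established: bool = False       # assumed IOS keyword: ACK or RST must be set

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("ip", p.proto):
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        return not self.established or bool(p.flags & {"ACK", "RST"})

def evaluate(acl, p):
    """Return the action of the first matching rule (implicit deny at the end)."""
    return next((r.action for r in acl if r.matches(p)), "deny")

# access-list 100 as posted: permit tcp any eq telnet any / deny ip any any
ACL_100 = [Rule("permit", "tcp", sport=23), Rule("deny", "ip")]
# Assumed variant: the same permit line with "established" appended
ACL_100_EST = [Rule("permit", "tcp", sport=23, established=True), Rule("deny", "ip")]

# Constructed packets arriving inbound on R1 Serial0 from R2
PACKETS = {
    "telnet reply from R2":     Packet("tcp", 23, 11000, frozenset({"SYN", "ACK"})),
    "telnet opened by R2":      Packet("tcp", 11001, 23, frozenset({"SYN"})),
    "SYN sourced from port 23": Packet("tcp", 23, 23, frozenset({"SYN"})),
    "RIP routing update":       Packet("udp", 520, 520),
}

def compare():
    """Map each packet name to (result under ACL_100, result under ACL_100_EST)."""
    return {name: (evaluate(ACL_100, p), evaluate(ACL_100_EST, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (posted, est) in compare().items():
        print(f"{name:26} posted={posted:6} established={est}")
```

The source-port match alone is stateless, so the third packet passes the posted list; only the flag check in the assumed variant separates a reply from a new connection attempt.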