GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: RE : Telnet established posted 09/15/2001
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Hi,

Have you considered applying an access list to the vty?


ie. 

access-list 1 deny 10.10.10.2 255.255.255.255
access-list 1 permit any

line 1 5
access-class 1 in



-Tony


-----Original Message-----
From: Olivier Martin [mailto:omartin@xxxxxxxx]
Sent: Saturday, September 15, 2001 3:46 PM
To: 'CCIE Cisco'; ccielab@xxxxxxxxxxxxxx
Subject: RE : Telnet established


You should apply the following access-list on R1 Serial 0 (in)

access-list 100 permit tcp any eq telnet any
access-list 100 deny ip any any

Interface serial0
 ip access-group 100 in

This way, established telnet traffic, comming from TCP port 23 on R2
will be
allowed to cross the link and make its way through R1.

Nothing special on R1 has to be done to allow it to telnet out.. If you
want
to restrict the traffic only to telnet outbound on R1 (this will prevent
routing updates.. Depending on how you write your access-lists).

access-list 101 permit tcp any any eq 23
access-list 101 deny ip any any

Interface serial0
 ip access-group 101 out

The traffic directed outbound serial0 will be evaluated against the 101
access-list..

This should work..

Olivier



-----Message d'origine-----
De : CCIE Cisco [mailto:c_ccie@xxxxxxxxxxx] 
Envoyi : 15 septembre, 2001 08:36
@ : ccielab@xxxxxxxxxxxxxx
Objet : Telnet established


Hi,

I am having R1 and R2 connected on serial link.


     R1--------------------R2
    (10.10.10.1)           (10.10.10.2)


I am at R1 and I want to telnet to R2 but I don't want to allow R2 to
telnet

into R1.

Can any one suggest access-lsit and where to apply (serial in/out)

Thnaks in advance

Mer

_________________________________________________________________
Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
_______________________________________________________
To unsubscribe from the CCIELAB list, send a message to
majordomo@xxxxxxxxxxxxxx with the body containing:
unsubscribe ccielab