GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE : Telnet established posted 09/15/2001
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


It depends on if you want telnet traffic through the router or from the
router.  Access-class limits the telnetting capability from the router or to
the router, but has no effect on through traffic.

Olivier

-----Message d'origine-----
De : Aqui Ordonez [mailto:aordonez@xxxxxxxxxx] 
Envoyi : 15 septembre, 2001 12:27
@ : Olivier Martin; 'CCIE Cisco'; ccielab@xxxxxxxxxxxxxx
Objet : Re: Telnet established


Why not just create an access list on R1 that allows telnet traffic from
wherever you want it to come from, but not R2, and apply it as 'access-class
ListNumberOrName in' on line vty 0 4 ?


-----Original Message-----
From: Olivier Martin <omartin@xxxxxxxx>
To: 'CCIE Cisco' <c_ccie@xxxxxxxxxxx>; ccielab@xxxxxxxxxxxxxx
<ccielab@xxxxxxxxxxxxxx>
Date: Saturday, September 15, 2001 11:05 AM
Subject: RE : Telnet established


>You should apply the following access-list on R1 Serial 0 (in)
>
>access-list 100 permit tcp any eq telnet any
>access-list 100 deny ip any any
>
>Interface serial0
> ip access-group 100 in
>
>This way, established telnet traffic, comming from TCP port 23 on R2 
>will
be
>allowed to cross the link and make its way through R1.
>
>Nothing special on R1 has to be done to allow it to telnet out.. If you
want
>to restrict the traffic only to telnet outbound on R1 (this will 
>prevent routing updates.. Depending on how you write your 
>access-lists).
>
>access-list 101 permit tcp any any eq 23
>access-list 101 deny ip any any
>
>Interface serial0
> ip access-group 101 out
>
>The traffic directed outbound serial0 will be evaluated against the 101 
>access-list..
>
>This should work..
>
>Olivier
>
>
>
>-----Message d'origine-----
>De : CCIE Cisco [mailto:c_ccie@xxxxxxxxxxx]
>Envoyi : 15 septembre, 2001 08:36
>@ : ccielab@xxxxxxxxxxxxxx
>Objet : Telnet established
>
>
>Hi,
>
>I am having R1 and R2 connected on serial link.
>
>
>     R1--------------------R2
>    (10.10.10.1)           (10.10.10.2)
>
>
>I am at R1 and I want to telnet to R2 but I don't want to allow R2 to
telnet
>
>into R1.
>
>Can any one suggest access-lsit and where to apply (serial in/out)
>
>Thnaks in advance
>
>Mer
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at 
>http://explorer.msn.com/intl.asp **Please 
>read:http://www.groupstudy.com/list/posting.html
>**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
_______________________________________________________
To unsubscribe from the CCIELAB list, send a message to
majordomo@xxxxxxxxxxxxxx with the body containing:
unsubscribe ccielab