GroupStudy.com - A virtual community of network engineers
Re: ACL [7:83974] posted 02/07/2004


Thomas
Really depends on what you are trying to achieve.  You can restrict access
to the router via telnet by creating a standard ip acl that lists the
addresses of the machines that you want to give/deny access and adding this
as an inbound access-class to the vty lines, like this:

access-list 50 deny host 99.99.99.21
access-list 50 permit 99.99.99.0 0.0.0.255

line vty 0 4
 access-class 50 in (if you add out it restricts access *from* the router)
 password goes-here
 login

This permits everyone on the 99.99.99.0/24 subnet to access the router
except .21.

Difficult to tell why your acl is not working.  Is 128.1.1.1 the address of
one of your i/faces?  When you telnet from your router, is it using a source
address other than 128.1.1.1 and getting caught by the acl?  Post the entire
config if you want a better answer.

Cheers

Jimmy

"news.groupstudy.com" wrote in message
news:200402070544.i175ifZa026962@xxxxxxxxxxxxxxxxx
> Hi All - I set up a lab and ran into an ACL problem.  I got an ACL on a
> router to block all incoming telnet sessions;  however, this also blocked
> the telnet session originating from this router, even though I allowed the
> IP address of the outside interface talking to "any".  For example, the IP
> address of the serial interface is 128.1.1.1, I got the following ACL:
>
> (config)# access-list 110 permit tcp host 128.1.1.1 any eq telnet
> (config)# access-list 110 permit tcp any host 128.1.1.1 eq telnet
> (config)# access-list 110 deny ip any any
>
> What did I do wrong? Or is it the nature of the ACLs on Cisco routers?  Is
> there a workaround for this?  Thanks much!
>
> Thomas
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=83983&t=83974
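
Added example, not part of the thread: a small first-match evaluator for the ACL forms quoted above, assuming ACL 110 is applied inbound on the serial interface (the thread does not say where it is applied). It runs ACL 50 and ACL 110 against a constructed reply packet from a telnet server (source port 23, high destination port); the `established` line in `FIXED`, the address 10.0.0.5 and all function names are assumptions of this example, and `ack` stands for a segment with ACK or RST set.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # (base, wildcard); wildcard bits set to 1 are ignored
def _n(a):
    return int(ipaddress.IPv4Address(a))

def _addr(tok):
    """Consume 'any', 'host A' or 'A [wildcard]' from the token list."""
    t = tok.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return _n(tok.pop(0)), 0
    return _n(t), (_n(tok.pop(0)) if tok and tok[0][0].isdigit() else 0)

def _port(tok):  # consume an optional "eq PORT"; only the name "telnet" is mapped
    if tok[:1] != ["eq"]:
        return None
    _, p = tok.pop(0), tok.pop(0)
    return 23 if p == "telnet" else int(p)

def parse(line):
    tok = line.split()[2:]  # drop "access-list <number>"
    r = {"action": tok.pop(0)}
    r["proto"] = tok.pop(0) if tok[0] in ("ip", "tcp") else "ip"
    r["src"], r["sport"] = _addr(tok), _port(tok)
    r["dst"], r["dport"] = (_addr(tok) if tok else ANY), _port(tok)  # standard ACL: no dst
    r["est"] = "established" in tok
    return r

def _hit(spec, ip):  # compare only the bits whose wildcard bit is 0
    return (_n(ip) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF == 0

def evaluate(acl, p):
    """Return (action, line_no) of the first matching line, else the implicit deny."""
    for n, r in enumerate(map(parse, acl), 1):
        if (r["proto"] in ("ip", p["proto"]) and _hit(r["src"], p["src"])
                and _hit(r["dst"], p["dst"]) and r["sport"] in (None, p["sport"])
                and r["dport"] in (None, p["dport"]) and (p["ack"] or not r["est"])):
            return r["action"], n
    return "deny", None

ACL50 = ["access-list 50 deny host 99.99.99.21", "access-list 50 permit 99.99.99.0 0.0.0.255"]
ACL110 = ["access-list 110 permit tcp host 128.1.1.1 any eq telnet",
          "access-list 110 permit tcp any host 128.1.1.1 eq telnet",
          "access-list 110 deny ip any any"]
# Assumed fix and constructed reply packet (neither is from the thread).
FIXED = ["access-list 110 permit tcp any eq telnet host 128.1.1.1 established"] + ACL110
REPLY = dict(proto="tcp", src="10.0.0.5", sport=23, dst="128.1.1.1", dport=40000, ack=True)
```

`evaluate(ACL110, REPLY)` returns `("deny", 3)` because the second permit line matches on destination port 23, which the reply does not carry, while `evaluate(FIXED, REPLY)` returns `("permit", 1)`.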