acl confusion

Feb 15th, 2007

Apparently I'm reading the following acl incorrectly relative to telnet. Shouldn't telnet be blocked to all hosts except the two on the permit lines?

access-list 140 deny tcp any eq 2967
access-list 140 permit tcp host eq telnet
access-list 140 permit tcp host eq telnet
access-list 140 deny tcp any any eq telnet
access-list 140 deny ip
access-list 140 deny ip any host log
access-list 140 permit ip any

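As an added illustration (not part of the original thread), the following script applies Cisco's first-match, implicit-deny evaluation to an ACL shaped like the one above. The host addresses are constructed placeholders, since the poster's addresses did not survive extraction, and the garbled port-2967 line is omitted; the script shows that, as written, telnet to any host other than the two permitted ones should fall through to the "deny tcp any any eq telnet" entry.

```python
import ipaddress

PORT_NAMES = {"telnet": 23}  # Cisco port keywords used by this example

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), tokens[2:]  # single host, /32
    raise ValueError(f"unsupported address spec: {' '.join(tokens)}")

def parse_ace(line):
    """Parse 'access-list N {permit|deny} proto src dst [eq port] [log]'."""
    t = line.split()
    src, rest = _addr(t[4:])
    dst, rest = _addr(rest)
    dport = None
    if rest and rest[0] == "eq":  # destination port match, keyword or number
        dport = PORT_NAMES.get(rest[1]) or int(rest[1])
    return {"line": line, "action": t[2], "proto": t[3],
            "src": src, "dst": dst, "dport": dport}

def evaluate(acl_lines, proto, src, dst, dport):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in ("ip", proto):
            continue
        if s not in ace["src"] or d not in ace["dst"]:
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"], ace["line"]
    return "deny", "implicit deny at end of list"

# Constructed stand-in for the poster's ACL; the 192.0.2.x hosts are placeholders
# because the original post's addresses did not survive extraction.
ACL_140 = [
    "access-list 140 permit tcp any host 192.0.2.10 eq telnet",
    "access-list 140 permit tcp any host 192.0.2.11 eq telnet",
    "access-list 140 deny tcp any any eq telnet",
    "access-list 140 permit ip any any",
]

if __name__ == "__main__":
    print(evaluate(ACL_140, "tcp", "10.0.0.5", "192.0.2.10", 23))    # permit
    print(evaluate(ACL_140, "tcp", "10.0.0.5", "198.51.100.7", 23))  # deny
```

If a device permits telnet to other hosts with this list applied, the list the router is actually evaluating differs from the one shown, which is worth checking with `show access-lists` and the interface's `ip access-group` binding before suspecting the semantics.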
krjohnson Thu, 02/15/2007 - 11:58

It's an outbound acl. If I remove the two telnet permits I find all telnet traffic is stopped as expected. With the two permit lines added I find telnet is allowed to any host.

Maybe I'm missing something about having applied the acl correctly?

acomiskey Thu, 02/15/2007 - 12:24

You'll have to be more specific as to where and how the acl is applied and where the networks are. What device are we dealing with anyway?

Richard Burts Thu, 02/15/2007 - 12:26

Perhaps you can supply some details about the topology and details of how the access list is being applied. That might help us give you a better answer.

krjohnson Thu, 02/15/2007 - 13:11

Problem disappeared after a reload. After the reload I tried to duplicate the condition by removing and re-building the acl, but it now functions as expected. I find it odd that a problem like this manifested itself so specifically without any other apparent symptoms. Oh well...

