acl confusion

krjohnson
Level 1

Apparently I'm reading the following acl incorrectly relative to telnet. Shouldn't telnet be blocked to all hosts except the two on the permit lines?

access-list 140 deny tcp 15.40.0.0 0.0.255.255 any eq 2967

access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 137.14.213.45 eq telnet

access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 20.19.50.50 eq telnet

access-list 140 deny tcp any any eq telnet

access-list 140 deny ip 15.40.0.0 0.0.255.255 61.172.146.0 0.0.0.255

access-list 140 deny ip any host 66.151.158.177 log

access-list 140 permit ip 15.40.0.0 0.0.255.255 any
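As an added illustration that is not part of the original thread, the following Python model reproduces the top-down, first-match evaluation Cisco IOS applies to a numbered extended ACL (implicit deny at the end) and runs it over the exact access-list 140 posted above. It parses only the syntax that appears in those seven lines (`host`, `any`, address/wildcard pairs, `eq <port>`, trailing `log`); keyword ports other than `telnet` and the sample packets are assumptions made here for the demonstration. Under that model, telnet from 15.40.0.0/16 is permitted only to the two hosts on the permit lines and denied everywhere else, which is the behaviour the poster expects.

```python
import ipaddress

# Port keywords accepted by the parser; only "telnet" occurs in the posted ACL.
NAMED_PORTS = {"telnet": 23, "ssh": 22, "www": 80}

# The ACL exactly as posted in the thread.
ACL_140 = """
access-list 140 deny tcp 15.40.0.0 0.0.255.255 any eq 2967
access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 137.14.213.45 eq telnet
access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 20.19.50.50 eq telnet
access-list 140 deny tcp any any eq telnet
access-list 140 deny ip 15.40.0.0 0.0.255.255 61.172.146.0 0.0.0.255
access-list 140 deny ip any host 66.151.158.177 log
access-list 140 permit ip 15.40.0.0 0.0.255.255 any
"""


def _parse_addr(tok, i):
    """Return ((network, wildcard), next_index) for any / host X / net wildcard."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (int(ipaddress.IPv4Address(tok[i + 1])), 0), i + 2
    net = int(ipaddress.IPv4Address(tok[i]))
    wc = int(ipaddress.IPv4Address(tok[i + 1]))
    return (net, wc), i + 2


def parse_acl(text):
    """Parse 'access-list N action proto src dst [eq port] [log]' lines in order."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] != "access-list":
            continue
        action, proto = tok[2], tok[3]
        src, i = _parse_addr(tok, 4)
        dst, i = _parse_addr(tok, i)
        port = None
        if i < len(tok) and tok[i] == "eq":
            port = NAMED_PORTS.get(tok[i + 1]) or int(tok[i + 1])
            i += 2
        log = i < len(tok) and tok[i] == "log"
        entries.append(dict(action=action, proto=proto, src=src, dst=dst,
                            port=port, log=log))
    return entries


def _addr_match(addr, spec):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    net, wc = spec
    return ((int(ipaddress.IPv4Address(addr)) ^ net) & ~wc & 0xFFFFFFFF) == 0


def evaluate(entries, proto, src, dst, dport=None):
    """Return (action, 1-based entry number) of the first matching entry.

    An 'ip' entry matches every protocol; a 'tcp' entry matches only tcp.
    If nothing matches, the implicit deny at the end of the ACL applies.
    """
    for n, e in enumerate(entries, 1):
        if e["proto"] != "ip" and e["proto"] != proto:
            continue
        if not (_addr_match(src, e["src"]) and _addr_match(dst, e["dst"])):
            continue
        if e["port"] is not None and e["port"] != dport:
            continue
        return e["action"], n
    return "deny", None  # implicit deny


if __name__ == "__main__":
    acl = parse_acl(ACL_140)
    # Constructed sample flows; 15.40.1.1 is an arbitrary host inside the source range.
    for proto, src, dst, dport in [
        ("tcp", "15.40.1.1", "137.14.213.45", 23),  # permitted by entry 2
        ("tcp", "15.40.1.1", "8.8.8.8", 23),        # denied by entry 4
        ("tcp", "15.40.1.1", "8.8.8.8", 80),        # permitted by entry 7
        ("icmp", "15.40.1.1", "66.151.158.177", None),  # denied (and logged) by entry 6
    ]:
        print(proto, src, "->", dst, dport, evaluate(acl, proto, src, dst, dport))
```

If the live box behaves differently from this model, the ACL text is not the problem; check the interface, the direction (`ip access-group 140 out`) and `show access-lists 140` hit counters to see which line actually matches.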


acomiskey
Level 10

Yes, as long as you have applied the acl correctly.

It's an outbound acl. If I remove the two telnet permits I find all telnet traffic is stopped as expected. With the two permit lines added I find telnet is allowed to any host.

Maybe I'm missing something about having applied the acl correctly?

You'll have to be more specific as to where and how the acl is applied and where the networks are. What device are we dealing with anyway?

Keith

Perhaps you can supply some details about the topology and details of how the access list is being applied. That might help us give you a better answer.

HTH

Rick


Problem disappeared after a reload. After the reload I tried to duplicate the condition by removing and re-building the acl but it now functions as expected. I find it odd that a problem like this manifested itself so specifically without any other apparent symptoms. oh well...
