02-15-2007 11:31 AM - edited 02-20-2020 09:38 PM
Apparently I'm reading the following acl incorrectly relative to telnet. Shouldn't telnet be blocked to all hosts except the two on the permit lines?
access-list 140 deny tcp 15.40.0.0 0.0.255.255 any eq 2967
access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 137.14.213.45 eq telnet
access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 20.19.50.50 eq telnet
access-list 140 deny tcp any any eq telnet
access-list 140 deny ip 15.40.0.0 0.0.255.255 61.172.146.0 0.0.0.255
access-list 140 deny ip any host 66.151.158.177 log
access-list 140 permit ip 15.40.0.0 0.0.255.255 any
02-15-2007 11:39 AM
Yes, as long as you have applied the acl correctly.
02-15-2007 11:58 AM
It's an outbound acl. If I remove the two telnet permits I find all telnet traffic is stopped as expected. With the two permit lines added I find telnet is allowed to any host.
Maybe I'm missing something about having applied the acl correctly?
02-15-2007 12:24 PM
You'll have to be more specific as to where and how the acl is applied and where the networks are. What device are we dealing with anyway?
02-15-2007 12:26 PM
Keith
Perhaps you can supply some details about the topology and details of how the access list is being applied. That might help us give you a better answer.
HTH
Rick
02-15-2007 01:11 PM
Problem disappeared after a reload. After the reload I tried to duplicate the condition by removing and rebuilding the acl, but it now functions as expected. I find it odd that a problem like this manifested itself so specifically without any other apparent symptoms. Oh well...
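How the ACL from the first post reads under first-match evaluation, as an added example that is not part of any post in this thread: a small Python evaluator (not Cisco's implementation) that handles only the `any`/`host`/wildcard address forms and the `eq` operator used in this list. The source 15.40.1.10 and destination 192.0.2.7 are constructed test values.

```python
import ipaddress

# The ACL exactly as posted in the thread.
ACL = """\
access-list 140 deny tcp 15.40.0.0 0.0.255.255 any eq 2967
access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 137.14.213.45 eq telnet
access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 20.19.50.50 eq telnet
access-list 140 deny tcp any any eq telnet
access-list 140 deny ip 15.40.0.0 0.0.255.255 61.172.146.0 0.0.0.255
access-list 140 deny ip any host 66.151.158.177 log
access-list 140 permit ip 15.40.0.0 0.0.255.255 any
"""
PORTS = {"telnet": 23}  # the only port keyword this ACL uses

def ip(s):
    return int(ipaddress.IPv4Address(s))

def take_addr(tok):
    # Consume one address spec from the token list; return (base, wildcard).
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip(tok.pop(0)), 0
    return ip(first), ip(tok.pop(0))

def parse(line):
    tok = line.split()[2:]  # drop "access-list 140"
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = take_addr(tok), take_addr(tok)
    port = None
    if tok and tok[0] == "eq":  # destination port; a trailing "log" is ignored
        port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
    return action, proto, src, dst, port

def addr_match(addr, spec):
    base, wild = spec
    return (ip(addr) | wild) == (base | wild)  # wildcard 1-bits are "don't care"

def evaluate(rules, proto, src, dst, dport=None):
    # First matching entry wins; returns (action, 1-based entry number).
    for n, (action, rproto, rsrc, rdst, rport) in enumerate(rules, 1):
        if (rproto in ("ip", proto) and addr_match(src, rsrc)
                and addr_match(dst, rdst) and rport in (None, dport)):
            return action, n
    return "deny", None  # implicit deny at the end of every ACL

RULES = [parse(line) for line in ACL.splitlines()]
if __name__ == "__main__":  # constructed packet: telnet to a host not on a permit line
    print(evaluate(RULES, "tcp", "15.40.1.10", "192.0.2.7", 23))
```

As written, telnet from 15.40.0.0/16 to any host other than the two permitted ones stops at the fourth entry, which is the reading confirmed in the first reply.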