
Ip access-list

alsayed
Level 1

Hi Experts!

I want to deny users in this network (10.0.0.0) from telnetting to the core, except that 5 users (10.100.100.150-155) in this network can telnet. I want to achieve this through an IP access-list. How can I configure it?

Thanks

8 Replies

Jon Marshall
Hall of Fame

Hi Ali

Could you give a few more details?

What are the source IP addresses?

What are the destination IP addresses?

What are you denying or permitting?

What type of kit are you applying the access-list on, e.g. router, layer 3 switch etc.?

Jon

Hi Jon!

All users in the network (10.0.0.0) can't establish a telnet session.

Destination IP address: CORE (6509-SUP720). But I want to allow just 5 users (10.100.100.150-155) to telnet into the core.

Thanks

Ali,

You would require a VTY access-list

e.g.

access-list 1 permit 10.100.100.150 0.0.0.0
access-list 1 permit 10.100.100.151 0.0.0.0
access-list 1 permit 10.100.100.152 0.0.0.0
access-list 1 permit 10.100.100.153 0.0.0.0
access-list 1 permit 10.100.100.154 0.0.0.0
access-list 1 permit 10.100.100.155 0.0.0.0
! vty 0 15 (or 4), depending on the platform
line vty 0 15
 access-class 1 in
 transport input telnet

This would restrict the telnet access to the above 6 machines.

HTH, rate if it does

Narayan

Hi Narayan

I need this through an IP access-list.

Thanks

Hi Ali

If you are trying to restrict who can telnet onto the actual supervisor Narayan is correct in the solution he provided.

If you are trying to stop telnet through the switches to another destination you would use an access-list.

HTH

Jon

Ali,

Actually it is an ip access-list.

If you want it to show as ip access-list then you can use

ip access-list standard permit-to-telnet
 permit 10.100.100.150 0.0.0.0
 permit 10.100.100.151 0.0.0.0
 permit 10.100.100.152 0.0.0.0
 permit 10.100.100.153 0.0.0.0
 permit 10.100.100.154 0.0.0.0
 permit 10.100.100.155 0.0.0.0

HTH, rate if it does

Narayan

Ali,

One thing that you can do is:

access-list 1 permit host 10.100.100.151
access-list 1 permit host 10.100.100.152
access-list 1 permit host 10.100.100.153
access-list 1 permit host 10.100.100.154
access-list 1 permit host 10.100.100.155
line vty 0 4
 access-class 1 in

HTH,

-amit singh

Hello!

Thanks for your great reply.

regards

Ali
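
As an added example (not code from any poster in this thread), the Python sketch below evaluates standard ACL entries the way IOS does, first match wins with an implicit deny at the end, and audits which sources an access-class would admit. The function names, the probe addresses and the single-entry wildcard ACL are constructed for illustration; the wildcard entry shows what one mask wide enough to cover 150-155 would also let in.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text):
    """Parse standard ACL lines into (action, address, wildcard) tuples."""
    entries = []
    for line in text.splitlines():
        tok = line.lower().split()
        if tok[:1] == ["access-list"]:
            tok = tok[2:]                  # drop "access-list <number>"
        if len(tok) < 2 or tok[0] not in ("permit", "deny"):
            continue                       # blank line or "ip access-list ..." header
        if tok[1] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif tok[1] == "host":
            addr, wild = _ip(tok[2]), 0
        else:                              # address with optional wildcard mask
            addr, wild = _ip(tok[1]), (_ip(tok[2]) if len(tok) > 2 else 0)
        entries.append((tok[0], addr, wild))
    return entries

def permitted(entries, source):
    """First matching entry decides; no match means implicit deny."""
    src = _ip(source)
    for action, addr, wild in entries:
        if (src | wild) == (addr | wild):  # bits set in the wildcard are ignored
            return action == "permit"
    return False

def audit(acl_text, intended, probes):
    """Return (intended hosts that are denied, other probes that are permitted)."""
    entries = parse_acl(acl_text)
    locked_out = [h for h in intended if not permitted(entries, h)]
    leaked = [h for h in probes if h not in intended and permitted(entries, h)]
    return locked_out, leaked

# Management hosts named in the thread, plus constructed probe addresses.
INTENDED = [f"10.100.100.{n}" for n in range(150, 156)]
PROBES = INTENDED + ["10.100.100.149", "10.100.100.156", "10.100.100.160", "10.0.0.5"]
# Named ACL in the form shown in the thread: one entry per host.
THREAD_ACL = "ip access-list standard permit-to-telnet\n" + "\n".join(
    f" permit {h} 0.0.0.0" for h in INTENDED)
# Constructed alternative: one wildcard entry, which matches .144 through .159.
SHORTCUT_ACL = "access-list 1 permit 10.100.100.144 0.0.0.15"

if __name__ == "__main__":
    for name, acl in (("per-host", THREAD_ACL), ("wildcard", SHORTCUT_ACL)):
        print(name, audit(acl, INTENDED, PROBES))
```
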
