Denying telnet traffic from VRF interfaces on the router

Unanswered Question
Apr 3rd, 2007
User Badges:


We are currently trying to accomplish incomming telnet traffic from an VRF interface to be denied by the router(7613--IOS:12.2(18)SXF4). In the line vty , we have associated an access-class specifying the block should be allowed for inbound telnet connection to the router. This is working good but it also allows the incomming telnet from an VRF interface having the same block as the global table block which is configured for allowing the incomming telnet connection. We don't want to allow any telnet connection from the vrf interface , even though it matches the permit block in the access-list

Kindly note that, we have not specified vrf-also command on the access-class.

Please let us a way to accomplish the above requirement .

Thanking You


Anantha Subramanian Natarajan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
gmarogi Mon, 04/09/2007 - 09:36
User Badges:
  • Bronze, 100 points or more

To deny the Telnet traffic from the VRF interface configure an access list to deny all traffic which matches telnet port, also remember to permit all other traffic in the next line and apply the access list to the VRF interface.

anasubra_2 Mon, 04/09/2007 - 11:29
User Badges:


Thanks for the suggestion.

I think, I haven't made my requirement clear. We would not like applying access-list to the VRF interfaces to acheive this requirement bcos, then we may have to bind to all the VRF interfaces(I mean customer interfaces),we acting as service provider. We are looking the way by applying access-class binded to line vty ,which is common to all the telnet traffic.

Kindly let us know,if you have some suggestions on the same


Anantha Subramanian Natarajan


This Discussion