ACL telnet

Answered Question
Aug 12th, 2007
User Badges:

I have an end-router which is connected with a network which i don't control it. I want to secure the telnet access from that network to the rest of my network so i creat an extended ACL :

access-list 101 deny tcp any any eq telnet

access-list 101 permit tcp any any

access-list 101 permit ip any any.

I put the access list in the interface like that:

int s0/0

access-group 101 in

Did i do that right? Do i need to permit also ip and tcp . Is there a better way?

Thanks

moses


Correct Answer by mohammedmahmoud about 9 years 8 months ago

Hi,


the following is enough, permit ip any any does it for you, it means any thing.


access-list 101 deny tcp any any eq telnet

access-list 101 permit ip any any



HTH,

Mohammed Mahmoud.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
mohammedmahmoud Sun, 08/12/2007 - 10:07
User Badges:
  • Green, 3000 points or more

Hi,


the following is enough, permit ip any any does it for you, it means any thing.


access-list 101 deny tcp any any eq telnet

access-list 101 permit ip any any



HTH,

Mohammed Mahmoud.

Actions

This Discussion