Accesslist

Unanswered Question
Mar 6th, 2008
Hi,

I want to block telnet access in our internet router. For that I want to configure an access list in that router. What is the command I want to use for implementing this?


access-list 101 deny ip <source add><source wild mask> <destination add><desti wild mask> eq 23


Is this command right? If there is any mistake, please inform me.



Thanks & Regards

Sham


Nagendra Kumar ... Thu, 03/06/2008 - 03:31
User Badges: Cisco Employee

Hi,


If you want to block anyone connecting via telnet to your router, you can simply use a standard ACL and apply the same under line vty 0 4. This will block telnet from specified source addresses. Example below:


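! Standard ACL 1 denies every source address
access-list 1 deny any
! Apply ACL 1 to inbound sessions on vty lines 0 through 4
line vty 0 4
 access-class 1 in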


If the ultimate device (the one where you want users not to be connected via telnet) is within your network, your command is right.


HTH,

Nagendra


Danilo Dy Thu, 03/06/2008 - 03:34

Hi,


For example, you only allow 192.168.1.1 telnet access to your router and block all other IPs

!
ip access-list standard VTY
 permit 192.168.1.1
!
line vty 0 4
 access-class VTY in
 exec-timeout 15 0
 transport input telnet
!
end


Regards,

Dandy

Goutam Sanyal Thu, 03/06/2008 - 03:38

Hi,


As per Cisco:


To restrict incoming and outgoing connections between a particular vty (into a Cisco device) and the addresses in an access list, use the access-class command in line configuration mode. To remove access restrictions, use the no form of this command.


*Simply, you can configure a standard ACL and enable it in line configuration mode.


#conf t
#line vty 0 4
#access-class access-list-number {in | out}


Thanks

Goutam

***Please use the rating system***
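
An added example (not written by any poster in this thread): a small Python audit that checks each `line vty` block of a saved configuration for the inbound `access-class` the replies recommend, and notes where telnet is an allowed input transport. The function name `audit_vty` and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread): vty 0-4 is
# restricted by a standard ACL, vty 5-15 has no access-class at all.
SAMPLE_CONFIG = """\
ip access-list standard VTY
 permit 192.168.1.1
!
line vty 0 4
 access-class VTY in
 exec-timeout 15 0
 transport input telnet
line vty 5 15
 transport input telnet
!
end
"""

def audit_vty(config):
    """Return {'line vty X Y': [findings]} for every vty block in the config."""
    defined = set()   # names/numbers of ACLs that are defined in the config
    blocks = {}       # 'line vty X Y' -> list of its indented sub-commands
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"(?:ip )?access-list (?:standard |extended )?(\S+)", line)
        if m:
            defined.add(m.group(1))
        if line.startswith("line vty"):
            current = line
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None   # any other top-level line ends the vty block
    report = {}
    for name, cmds in blocks.items():
        findings = []
        acl = next((c.split()[1] for c in cmds
                    if re.fullmatch(r"access-class \S+ in", c)), None)
        if acl is None:
            findings.append("no inbound access-class")
        elif acl not in defined:
            findings.append("access-class references undefined ACL " + acl)
        if any(c.startswith("transport input") and {"telnet", "all"} & set(c.split())
               for c in cmds):
            findings.append("telnet allowed as input transport")
        report[name] = findings
    return report
```

Calling `audit_vty(SAMPLE_CONFIG)` reports the unrestricted `line vty 5 15` block, which an `access-class` applied only to `line vty 0 4` does not cover.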
