Cannot Telnet to 3725

Sep 28th, 2009

Found this in my router:

Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet log
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22 log
    40 permit ip any any log

I did not add this and I cannot get rid of it.

Any ideas?

It does not show up in sh run either. It is almost like a self-aware threat that added the ACL, but now I cannot get rid of it.

simontibbitts Tue, 09/29/2009 - 08:14


The options you have are to either remove the enhanced login config or create a quiet mode ACL of your own:

login quiet-mode access-class [ACL]

This will overwrite the sl_def_acl with a more meaningful name.

However, don't feel you have to get rid of it; it is correct in being there.
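An added example, not part of the original posts: an offline audit of a saved configuration that reports which ACL would guard the VTY lines once quiet mode starts, covering both the default sl_def_acl case and the custom quiet-mode ACL option described above. The sample configurations are constructed, MGMT-QUIET is a hypothetical ACL name, and 192.0.2.0/24 is a documentation prefix.

```python
import re

# Constructed sample configs (not from the thread); 192.0.2.0/24 is a documentation
# prefix and MGMT-QUIET is a hypothetical ACL name.
DEFAULT_CFG = """login block-for 120 attempts 3 within 60
line vty 0 4
 login local
"""
CUSTOM_CFG = """login block-for 120 attempts 3 within 60
login quiet-mode access-class MGMT-QUIET
ip access-list standard MGMT-QUIET
 permit 192.0.2.0 0.0.0.255
line vty 0 4
 login local
"""

def acl_permits(config, name):
    """Return the permit entries of a named or numbered ACL in the config text."""
    permits, in_acl = [], False
    for line in config.splitlines():
        if line.startswith("ip access-list "):
            in_acl = line.split()[-1] == name          # named ACL header
        elif not line.startswith(" "):
            in_acl = False                             # any other top-level line ends the ACL
            m = re.match(rf"access-list {re.escape(name)} permit (.+)", line)
            if m:                                      # numbered ACL entry
                permits.append(m.group(1).strip())
        elif in_acl:
            m = re.match(r"\s+(?:\d+ )?permit (.+)", line)
            if m:
                permits.append(m.group(1).strip())
    return permits

def audit_quiet_mode(config):
    """Say which ACL guards the VTY lines once quiet mode triggers."""
    block = re.search(r"^login block-for (\d+) attempts (\d+) within (\d+)", config, re.M)
    if not block:
        return {"quiet_acl": None, "finding": "login block-for absent; quiet mode never starts"}
    seconds = int(block.group(1))
    quiet = re.search(r"^login quiet-mode access-class (\S+)", config, re.M)
    if not quiet:
        return {"quiet_acl": "sl_def_acl", "block_seconds": seconds,
                "finding": "default ACL denies telnet, www and 22 from any source"}
    name = quiet.group(1)
    permits = acl_permits(config, name)
    finding = "management sources stay reachable" if permits else "ACL missing or has no permit entries"
    return {"quiet_acl": name, "block_seconds": seconds, "permits": permits, "finding": finding}

if __name__ == "__main__":
    for cfg in (DEFAULT_CFG, CUSTOM_CFG):
        print(audit_quiet_mode(cfg))
```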


Rick Morris Tue, 09/29/2009 - 08:49

It is correct, but I cannot telnet to my router, so I need to either get rid of it or use something else so I can log in.

simontibbitts Wed, 09/30/2009 - 00:56


Seeing this ACL does not necessarily mean it is applied to the VTY line. It is only applied when the IOS login enhancements enter silent mode.

If you remove all your enhanced login commands, does telnet work?

If no, then you need to troubleshoot the telnet problem like normal and disregard the ACL you are concentrating on.

If yes, then you need to give us more information, like:

1) 'show login' (during problem)

2) 'show login failures' (during problem)

3) all the login commands you have configured

4) the line vty configuration


