06-29-2012 08:29 AM - edited 03-07-2019 07:31 AM
Hi:
I have a scenario like above. I wanted to allow R1 to telnet to R3, but R3 couldn't telnet to R1.
I put an ACL on f0/1 of R2 in the "in" direction.
10 permit tcp host 2.2.2.2 host 1.1.1.1 established
It worked; however, it didn't work if I used the following ACL:
10 permit tcp host 2.2.2.2 host 1.1.1.1 eq telnet established
The above ACL will block telnet from both sides.
I think the problem lies with "telnet", but what caused this? Isn't telnet a part of the TCP protocol suite (port 23)?
Your help is much appreciated.
Have a nice day.
06-29-2012 08:34 AM
The way that you have made the access list entry, telnet would be the destination port. But when R3 sends its response to R1, telnet will be the source port. I think that your original access list is OK, but if you want to make it more specific then try this version:
permit tcp host 2.2.2.2 eq telnet host 1.1.1.1 established
HTH
Rick
07-01-2012 07:27 AM
Thanks Richard, it worked! But I have an additional question: what if I still want my EIGRP hello packets to pass through? In other words, I still want to keep my routing table. I cannot use another permit statement, can I?
Thanks for spending your valuable time on such simple questions.
07-08-2012 09:58 AM
You can allow EIGRP through in your ACL:
permit eigrp any any
HTH,
John
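The matching behaviour discussed in the replies above, as an added example that is not part of the original thread: a small Python model of first-match extended ACL evaluation with `established` (which matches only TCP segments carrying ACK or RST) and the implicit deny at the end. It assumes 2.2.2.2 is R3 and 1.1.1.1 is R1; the ephemeral ports and the sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional

R1, R3, TELNET = "1.1.1.1", "2.2.2.2", 23  # assumed roles of the two addresses

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()

@dataclass(frozen=True)
class Ace:  # one "permit" entry; src/dst are a host address or "any"
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if self.proto != p.proto:
            return False
        if self.src not in ("any", p.src) or self.dst not in ("any", p.dst):
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        # "established": only segments with ACK or RST set can match
        return not self.established or bool(p.flags & {"ACK", "RST"})

def permitted(acl, p: Packet) -> bool:
    # Every entry here is a permit; no match means the implicit deny applies.
    return any(ace.matches(p) for ace in acl)

# Constructed packets arriving inbound on R2 f0/1 (the side facing R3).
REPLY = Packet("tcp", R3, R1, TELNET, 40000, frozenset({"ACK"}))  # R3 answering R1's session
SYN = Packet("tcp", R3, R1, 40001, TELNET, frozenset({"SYN"}))    # R3 opening telnet to R1
HELLO = Packet("eigrp", R3, "224.0.0.10")                         # EIGRP multicast hello

ORIGINAL = [Ace("tcp", R3, R1, established=True)]
DST_PORT = [Ace("tcp", R3, R1, dport=TELNET, established=True)]   # "... host 1.1.1.1 eq telnet"
SRC_PORT = [Ace("tcp", R3, R1, sport=TELNET, established=True)]   # "host 2.2.2.2 eq telnet ..."
WITH_EIGRP = SRC_PORT + [Ace("eigrp", "any", "any")]
```

With `DST_PORT`, the reply fails the port test and the SYN fails the `established` test, so telnet is blocked in both directions; `SRC_PORT` alone still drops the hello until the EIGRP entry is added.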
07-08-2012 07:03 AM
thanks richards.