Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1099
Views
0
Helpful
4
Replies

extended ACL block telnet visit

Go to solution
dannan lin
Level 1
Level 1

ā€Ž06-29-2012 08:29 AM - edited ā€Ž03-07-2019 07:31 AM

2012-06-29_231729.jpg

hi:

i have a scenario like above.  i wanted to allow R1 telnet R3, but R3 couldn't telnet R1.

i put an acl on f0/1 of R2 with "in" direction.

    10 permit tcp host 2.2.2.2 host 1.1.1.1 established

it worked, however it didn't work if i used following acl

           10 permit tcp host 2.2.2.2 host 1.1.1.1 eq telnet established

above acl will block telnet from both sides.

i think the problem lies with "telnet", but what caused this ? isn't telnet a part of tcp protocol suit (port 23)  ļ¼Ÿ

Your help is much appreciated.

have a nice day.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

ā€Ž06-29-2012 08:34 AM

The way that you have made the access list entry telnet would be the destination port. But when R3 sends response to R1 then telnet will be the source port. I think that your original access list is ok but if you want to make it more specific then try this version

permit tcp host 2.2.2.2 eq telnet  host 1.1.1.1 established

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

ā€Ž06-29-2012 08:34 AM

The way that you have made the access list entry telnet would be the destination port. But when R3 sends response to R1 then telnet will be the source port. I think that your original access list is ok but if you want to make it more specific then try this version

permit tcp host 2.2.2.2 eq telnet  host 1.1.1.1 established

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
dannan lin
Level 1
Level 1
In response to Richard Burts

ā€Ž07-01-2012 07:27 AM

thanks Richardļ¼Œ it workedļ¼Œ but i have an additional question .what if i still want my eigrp hello packets to pass through, in other words i still want to keep my routing table. i cannot use another  permit statements can i ? 

thanks for spending your valueable time on such simple questions.

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to dannan lin

ā€Ž07-08-2012 09:58 AM

You can allow eigrp through in your acl:

permit eigrp any any

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
dannan lin
Level 1
Level 1
In response to Richard Burts

ā€Ž07-08-2012 07:03 AM

thanks richards.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card