Cisco Support Community
extended ACL block telnet visit

2012-06-29_231729.jpg

Hi:

I have a scenario like above. I wanted to allow R1 to telnet to R3, but R3 couldn't telnet to R1.

I put an ACL on f0/1 of R2 with "in" direction.

    10 permit tcp host 2.2.2.2 host 1.1.1.1 established

It worked; however, it didn't work if I used the following ACL:

    10 permit tcp host 2.2.2.2 host 1.1.1.1 eq telnet established

The above ACL will block telnet from both sides.

I think the problem lies with "telnet", but what caused this? Isn't telnet a part of the TCP protocol suite (port 23)?

Your help is much appreciated.

Have a nice day.

Accepted Solutions

The way that you have made the access list entry, telnet would be the destination port. But when R3 sends a response to R1, telnet will be the source port. I think that your original access list is OK, but if you want to make it more specific then try this version:

    permit tcp host 2.2.2.2 eq telnet host 1.1.1.1 established

HTH

Rick

Thanks Richard, it worked, but I have an additional question. What if I still want my EIGRP hello packets to pass through? In other words, I still want to keep my routing table. I cannot use another permit statement, can I?

Thanks for spending your valuable time on such simple questions.

You can allow EIGRP through in your ACL:

    permit eigrp any any

HTH,

John

Thanks Richards.
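
The behaviour discussed in this thread, as an added example that is not part of any post and is not Cisco code: a simplified Python model of extended-ACL matching that evaluates the three telnet entries and the EIGRP entry against packets sent by R3. It assumes 1.1.1.1 is R1, 2.2.2.2 is R3, and the ACL is inbound on R2's R3-facing interface; the packets and the names `ace_permits` and `acl_permits` are constructed for illustration.

```python
# Simplified model of IOS extended-ACL matching (added example, not Cisco code).
# Assumptions: 1.1.1.1 = R1, 2.2.2.2 = R3, and the ACL is inbound on R2's
# R3-facing interface, so only packets sent by R3 are evaluated.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dst sport dport flags")
PORTS = {"telnet": 23}

def parse_addr(tok):
    """Consume 'any' or 'host A.B.C.D'; return (address or None, remaining)."""
    return (None, tok[1:]) if tok[0] == "any" else (tok[1], tok[2:])

def parse_port(tok):
    """Consume an optional 'eq <port>'; return (port or None, remaining)."""
    if tok[:1] == ["eq"]:
        return PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok

def ace_permits(ace, p):
    """True if one 'permit ...' entry matches packet p."""
    proto, *tok = ace.split()[1:]            # drop the 'permit' keyword
    src, tok = parse_addr(tok)
    sport, tok = parse_port(tok)             # port after the source = source port
    dst, tok = parse_addr(tok)
    dport, tok = parse_port(tok)             # port after the destination = dest port
    established = "established" in tok
    return (proto == p.proto
            and src in (None, p.src) and dst in (None, p.dst)
            and sport in (None, p.sport) and dport in (None, p.dport)
            # 'established' is stateless: it only requires ACK or RST to be set
            and (not established or bool(p.flags & {"ACK", "RST"})))

def acl_permits(aces, p):
    """First match wins; with permit-only lists, no match means implicit deny."""
    return any(ace_permits(a, p) for a in aces)

# Constructed packets, all sent by R3 toward R1 or the EIGRP multicast group.
REPLY = Packet("tcp", "2.2.2.2", "1.1.1.1", 23, 40000, {"SYN", "ACK"})
NEW_TELNET = Packet("tcp", "2.2.2.2", "1.1.1.1", 40001, 23, {"SYN"})
EIGRP_HELLO = Packet("eigrp", "2.2.2.2", "224.0.0.10", None, None, set())

ORIGINAL = ["permit tcp host 2.2.2.2 host 1.1.1.1 established"]
DST_PORT = ["permit tcp host 2.2.2.2 host 1.1.1.1 eq telnet established"]
SRC_PORT = ["permit tcp host 2.2.2.2 eq telnet host 1.1.1.1 established"]
WITH_EIGRP = SRC_PORT + ["permit eigrp any any"]

if __name__ == "__main__":
    for name in ("ORIGINAL", "DST_PORT", "SRC_PORT", "WITH_EIGRP"):
        acl = globals()[name]
        print(name, [acl_permits(acl, p) for p in (REPLY, NEW_TELNET, EIGRP_HELLO)])
```

Each printed row lists whether R3's telnet reply, a new telnet attempt from R3, and an EIGRP hello are permitted.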
