08-06-2009 01:51 PM - edited 03-06-2019 07:07 AM
Hi everybody.
My book shows how a standard access list can be used to control telnet access.
I am just wondering if we can use an extended access list instead of a standard access list.
Let's say I want only users on the subnet 198.198.198.0/24 to be able to telnet into my router. How can an extended ACL be used here?
Thanks a lot.
08-06-2009 02:03 PM
Sarah
"Let say i want only users on the subnet 198.198.198.0/24 can telnet into my router. How extended acl can be used here ?"
You would still only use a standard ACL, i.e.
access-list 1 permit 198.198.198.0 0.0.0.255
An extended ACL is used when you want to specify both src/dst IP and/or TCP/UDP ports, but they don't make any sense in this scenario, i.e. the destination IP address is not relevant here and you don't need to specify the ports.
Jon
08-06-2009 02:02 PM
Hello,
I assume we are talking about ACLs applied onto the VTY lines using the command access-class.
Well, an extended ACL can be used here exactly as the standard ACL. Note that every standard ACL can be translated to an extended ACL simply by specifying "any" recipient. So for your example, this would be the configuration:
access-list 100 permit ip 198.198.198.0 0.0.0.255 any
line vty 0 4
access-class 100 in
or perhaps if you wanted to limit only the telnet access from the specified network and leave the SSH open from all locations:
access-list 100 permit tcp 198.198.198.0 0.0.0.255 any eq 23
access-list 100 permit tcp any any eq 22
line vty 0 4
access-class 100 in
There's really nothing so special to it.
Best regards,
Peter
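As an added example (not part of any post in this thread, and not Cisco code): a small Python model of how the extended ACL entries quoted in the reply above are evaluated, using wildcard-mask matching, first-match-wins ordering and the implicit deny that ends every ACL. The router address 192.0.2.1 and the outside source 203.0.113.9 are constructed sample values, and the parser handles only the entry forms that appear in this thread.

```python
import ipaddress

# Second ACL from the reply above, copied from the thread.
ACL_100 = """\
access-list 100 permit tcp 198.198.198.0 0.0.0.255 any eq 23
access-list 100 permit tcp any any eq 22
"""

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip|tcp SRC DST [eq PORT]' lines."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, rest = tokens[2], tokens[4:]  # tokens[3] is ip/tcp; both match a TCP session
        src = _take_addr(rest)
        dst = _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append((action, src, dst, port))
    return entries

def _addr_match(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(entries, src, dst, dport):
    """Decide one inbound TCP connection: first match wins, else implicit deny."""
    for action, s, d, port in entries:
        if _addr_match(src, s) and _addr_match(dst, d) and port in (None, dport):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    for src, port in [("198.198.198.77", 23), ("203.0.113.9", 23), ("203.0.113.9", 22)]:
        print(src, port, evaluate(acl, src, "192.0.2.1", port))
```

Swapping in the first ACL from the same reply (`permit ip 198.198.198.0 0.0.0.255 any`) shows that it admits any TCP port from the subnet and nothing from elsewhere.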