question about access-list

Hi all,

If I want to just permit telnet between R1 and R2 and deny other traffic, but R1 and R2 are running dynamic routing (e.g. OSPF), should I also add "access-list x permit ospf any", so the config is as follows:

access-list 1 permit telnet any

access-list 1 permit ospf any

or just:

access-list 1 permit telnet any

Thank You!

Best Regards

Teru Lei

1 REPLY

Re: question about access-list

Access-lists don't block traffic originated by the router itself. So if you want to permit only telnet between routers, I recommend configuring this (on both routers):

access-list 1 deny any

and apply it as outbound to the interfaces the routers use to connect to each other. This will block all traffic but won't block OSPF updates.

To filter telnet traffic you should use:

At R1:

access-list 2 permit R2-IPadd 0.0.0.0

line vty 0 4

access-class 2 in

At R2:

access-list 2 permit R1-IPadd 0.0.0.0

line vty 0 4

access-class 2 in

This will only permit telnet between the routers. But take care, because this way you can't telnet to these routers from any host in your network. You will have to log on to one router via console, and then you can telnet to the other one.

Hope this helps you
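The two behaviours the reply relies on, as an added example that is not part of the original thread: a small evaluator for Cisco IOS standard ACL syntax (wildcard masks, "any", "host", first match wins, implicit deny) that shows why "access-list 2 permit R2-IPadd 0.0.0.0" on the vty lines admits only that one host, and a model of an outbound ACL that, as on IOS, is not applied to packets the router itself generates. The addresses (R1 = 10.0.0.1, R2 = 10.0.0.2, a management host 192.168.1.50) and the config lines are constructed for the example.

```python
"""Toy evaluator for Cisco IOS standard ACL syntax (added example, not from the post).

Assumed/constructed values: R1 = 10.0.0.1, R2 = 10.0.0.2, management host = 192.168.1.50.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

ALL_ONES = 0xFFFFFFFF


@dataclass
class AclEntry:
    action: str    # "permit" or "deny"
    network: int   # address from the ACE as a 32-bit integer
    wildcard: int  # Cisco wildcard mask; a 1 bit means "don't care"


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acl(config_lines: List[str], number: int) -> List[AclEntry]:
    """Collect the ACEs of 'access-list <number> ...' in order of appearance.

    Accepts 'any', 'host A.B.C.D' and 'A.B.C.D [W.W.W.W]'; the wildcard defaults
    to 0.0.0.0, i.e. an exact host match, as in 'permit R2-IPadd 0.0.0.0'.
    """
    entries: List[AclEntry] = []
    for raw in config_lines:
        parts = raw.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[1] != str(number):
            continue
        action, source = parts[2], parts[3]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in ACE: {raw!r}")
        if source == "any":
            entries.append(AclEntry(action, 0, ALL_ONES))
        elif source == "host":
            entries.append(AclEntry(action, _to_int(parts[4]), 0))
        else:
            wildcard = _to_int(parts[4]) if len(parts) > 4 else 0
            entries.append(AclEntry(action, _to_int(source), wildcard))
    return entries


def evaluate(entries: List[AclEntry], source_ip: str) -> str:
    """First matching ACE wins; every ACL ends with an implicit 'deny any'."""
    addr = _to_int(source_ip)
    for ace in entries:
        care = ace.wildcard ^ ALL_ONES  # bits that must match exactly
        if addr & care == ace.network & care:
            return ace.action
    return "deny"


def outbound_decision(entries: List[AclEntry], source_ip: str, locally_originated: bool) -> str:
    """Model the IOS behaviour the reply relies on: an outbound interface ACL
    is not applied to packets the router itself generates (OSPF hellos, its own
    telnet sessions); it only filters transit traffic."""
    if locally_originated:
        return "permit"
    return evaluate(entries, source_ip)


R1_IP, R2_IP, MGMT_HOST = "10.0.0.1", "10.0.0.2", "192.168.1.50"

# Constructed config for R2, following the reply's recipe.
R2_CONFIG = [
    "access-list 1 deny any",                 # applied outbound on the link to R1
    f"access-list 2 permit {R1_IP} 0.0.0.0",  # applied with 'access-class 2 in' on vty 0 4
]


def vty_decisions() -> Dict[str, str]:
    """Who may open a telnet session to R2's vty lines under access-class 2?"""
    acl2 = parse_standard_acl(R2_CONFIG, 2)
    return {ip: evaluate(acl2, ip) for ip in (R1_IP, MGMT_HOST)}


def link_decisions() -> Dict[str, str]:
    """What crosses the R2->R1 link with ACL 1 applied outbound?"""
    acl1 = parse_standard_acl(R2_CONFIG, 1)
    return {
        "transit_from_mgmt": outbound_decision(acl1, MGMT_HOST, locally_originated=False),
        "ospf_from_r2": outbound_decision(acl1, R2_IP, locally_originated=True),
    }


if __name__ == "__main__":
    print(vty_decisions())   # {'10.0.0.1': 'permit', '192.168.1.50': 'deny'}
    print(link_decisions())  # {'transit_from_mgmt': 'deny', 'ospf_from_r2': 'permit'}
```

The implicit deny at the end of `evaluate` is what locks the management host out of the vty lines, which is the side effect the reply warns about; the `locally_originated` branch is a deliberate simplification of the IOS rule that self-generated traffic bypasses outbound ACLs, so the same evaluator shows both why ACL 1 blocks transit traffic and why it leaves OSPF alone.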
