02-15-2007 11:31 AM - edited 02-20-2020 09:38 PM
Apparently I'm reading the following acl incorrectly relative to telnet. Shouldn't telnet be blocked to all hosts except the two on the permit lines?
access-list 140 deny tcp 15.40.0.0 0.0.255.255 any eq 2967
access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 137.14.213.45 eq telnet
access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 20.19.50.50 eq telnet
access-list 140 deny tcp any any eq telnet
access-list 140 deny ip 15.40.0.0 0.0.255.255 61.172.146.0 0.0.0.255
access-list 140 deny ip any host 66.151.158.177 log
access-list 140 permit ip 15.40.0.0 0.0.255.255 any
02-15-2007 11:39 AM
Yes, as long as you have applied the acl correctly.
02-15-2007 11:58 AM
It's an outbound acl. If I remove the two telnet permits I find all telnet traffic is stopped as expected. With the two permit lines added I find telnet is allowed to any host.
Maybe I'm missing something about having applied the acl correctly?
02-15-2007 12:24 PM
You'll have to be more specific as to where and how the acl is applied and where the networks are. What device are we dealing with anyway?
02-15-2007 12:26 PM
Keith
Perhaps you can supply some details about the topology and details of how the access list is being applied. That might help us give you a better answer.
HTH
Rick
02-15-2007 01:11 PM
Problem disappeared after a reload. After the reload I tried to duplicate the condition by removing and re-building the acl but it now functions as expected. I find it odd that a problem like this manifested itself so specifically without any other apparent symptoms. Oh well...
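Added example, not part of the thread and not posted by any participant: a small first-match model of ACL 140 as listed above, useful for checking on paper what the list should do before suspecting the device. It assumes standard IOS extended-ACL semantics (wildcard masks, first match wins, implicit deny at the end); the function names are hypothetical and the test addresses (15.40.1.10, 192.0.2.10, 10.0.0.1) are constructed.

```python
import ipaddress

# ACL 140 exactly as posted in the thread.
ACL_140 = """\
access-list 140 deny tcp 15.40.0.0 0.0.255.255 any eq 2967
access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 137.14.213.45 eq telnet
access-list 140 permit tcp 15.40.0.0 0.0.255.255 host 20.19.50.50 eq telnet
access-list 140 deny tcp any any eq telnet
access-list 140 deny ip 15.40.0.0 0.0.255.255 61.172.146.0 0.0.0.255
access-list 140 deny ip any host 66.151.158.177 log
access-list 140 permit ip 15.40.0.0 0.0.255.255 any
"""
PORTS = {"telnet": 23}  # the only named port this ACL uses

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse(line):
    tok = line.split()[2:]  # drop "access-list 140"
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = _addr(tok)
    dst, tok = _addr(tok)
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
    return action, proto, src, dst, port  # trailing "log" does not affect matching

def _match(spec, ip):
    base, wild = spec
    return (base | wild) == (_ip(ip) | wild)  # wildcard bits are "don't care"

def evaluate(acl_text, proto, src, dst, dport=None):
    """Return (action, entry_number) for the first entry that matches."""
    for n, line in enumerate(acl_text.strip().splitlines(), 1):
        action, p, s, d, port = parse(line)
        if p not in ("ip", proto):
            continue
        if not (_match(s, src) and _match(d, dst)):
            continue
        if port is not None and port != dport:
            continue
        return action, n
    return "deny", None  # implicit deny at the end of every ACL
```

In this model, telnet from 15.40.0.0/16 to any host other than the two permitted ones falls through to entry 4 and is denied, while other IP traffic from that range reaches the final permit.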