02-23-2006 09:44 PM - edited 03-03-2019 11:51 AM
Hello,
I'm creating an access list and applying it to switches and routers for telnet access in my NW. As per requirement, only Network Team hosts should be able to telnet to NW equipment and do the necessary configuration, and it should get logged also (both allowed and denied IP addresses). I have created the sample, just want to confirm before applying.
access-list 23 permit 10.1.10.40 log
access-list 23 permit 10.1.10.44 log
access-list 23 permit 10.1.10.46 log
access-list 23 permit 10.1.10.48 log
access-list 23 permit 10.1.10.50 log
access-list 23 permit 10.1.0.106 log
access-list 23 permit 10.1.0.110 log
access-list 23 permit 10.44.20.67 log
access-list 23 permit 10.44.20.65 log
access-list 23 deny any log
Regards,
Raju
02-23-2006 10:00 PM
Hi Raju,
Seems to be ok, but you have not defined the source-wildcard, and also make sure when you apply it on the vty lines you configure access-class and not access-group.
Because for telnet you need to configure access-class and not access-group.
To restrict incoming and outgoing connections between a particular vty (into a Cisco device) and the addresses in an access list, use the access-class command in line configuration mode.
Have a look at this link
As per me, your access list should look like this:
access-list 23 permit host 10.1.10.40 log
and it needs to be the same for all other permit statements.
HTH, if yes please rate the post.
Ankur
02-23-2006 11:37 PM
Try this configuration:
line vty 0 4
access-class 23 in
You can look at log events with the command show logging, or look at your server log with this configuration:
logging X.X.X.X (server log ip address)
logging on
Hope this helps, please rate this post.
02-24-2006 07:17 PM
You could do the following:
access-list 23 permit host 10.1.10.40 log
access-list 23 permit host 10.1.10.44 log
access-list 23 permit host 10.1.10.46 log
access-list 23 permit host 10.1.10.48 log
access-list 23 permit host 10.1.10.50 log
access-list 23 permit host 10.1.0.106 log
access-list 23 permit host 10.1.0.110 log
access-list 23 permit host 10.44.20.67 log
access-list 23 permit host 10.44.20.65 log
access-list 23 deny any log
!
line vty 0 15
access-class 23 in
!
Be sure to use line vty 0 15 and not 0 4.
Hope this helps.
jc
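An added example (not from any poster in this thread) that models how IOS evaluates a standard numbered ACL such as the one above: first match wins, `host X` and a bare `X` (wildcard omitted, which IOS treats as 0.0.0.0) match the same single address, and only an entry carrying the `log` keyword produces a log message, so the explicit `deny any log` at the end is what makes rejected telnet attempts visible. The ACL list in the block is constructed from the addresses in the thread; the parser is a simplification that handles only the `permit`/`deny` + `host`/`any`/address-wildcard forms shown here.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample, using addresses from the thread; "deny any log" makes
# denied attempts visible, whereas the implicit deny at the end of every
# IOS ACL is silent.
NETWORK_TEAM_ACL = [
    "access-list 23 permit host 10.1.10.40 log",
    "access-list 23 permit 10.1.10.44 log",          # no 'host': wildcard defaults to 0.0.0.0
    "access-list 23 permit host 10.44.20.67 log",
    "access-list 23 deny any log",
]


def parse_acl_line(line: str) -> Tuple[str, int, int, bool]:
    """Return (action, network, wildcard, log) for one standard ACL entry."""
    tokens = line.split()
    # Shape: access-list <n> <permit|deny> <any|host A|A [W]> [log]
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line}")
    action = tokens[2]
    log = tokens[-1] == "log"
    src = tokens[3:-1] if log else tokens[3:]
    if src[0] == "any":
        net, wild = 0, 0xFFFFFFFF
    elif src[0] == "host":
        net, wild = int(ipaddress.IPv4Address(src[1])), 0
    else:
        net = int(ipaddress.IPv4Address(src[0]))
        # IOS assumes a 0.0.0.0 wildcard (exact host) when it is omitted.
        wild = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
    return action, net, wild, log


def evaluate(acl: List[str], source: str) -> Tuple[str, bool]:
    """First-match lookup; returns (action, logged). No match = silent deny."""
    addr = int(ipaddress.IPv4Address(source))
    for line in acl:
        action, net, wild, log = parse_acl_line(line)
        # A wildcard bit of 1 means "don't care" for that address bit.
        if (addr & ~wild) & 0xFFFFFFFF == (net & ~wild) & 0xFFFFFFFF:
            return action, log
    return "deny", False


if __name__ == "__main__":
    for src in ("10.1.10.40", "10.1.10.44", "10.1.10.41"):
        print(src, evaluate(NETWORK_TEAM_ACL, src))
```

Applied with `access-class 23 in` on every vty line (0 15 on platforms that have 16), the same decision is made for each inbound telnet source before a login prompt is offered.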