New Member

ACL to deny telnet from the open internet

Good morning, I need to configure an acl that blocks telnet access from an internet-facing router.

I think I want to do something like this:

access-list 102 deny tcp any any eq telnet

But I read a single deny entry will have the effect of implicitly denying all traffic not explicitly permitted.

How would I write this acl to only deny telnet access from the open internet but continue to allow everything else?

Thanks,

Brian

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Bronze

access-list 102 deny tcp any any eq telnet

access-list 102 permit ip any any

7 REPLIES
New Member

Hi - this is interesting and I'm just learning about ACLs for my CCNA test.

Would this ACL be applied on the internet router's public side WAN interface like this? My example uses serial 0/0 as the public interface on this router.

conf t

interface serial 0/0

ip access-group 102 in

Hall of Fame Super Silver

Patrick

Yes, that access list would logically be applied inbound on the router's internet-facing interface. The result would be that any attempt to telnet to any address inside the network, including any address on the internet router, would be denied and all other traffic would be permitted.

HTH

Rick

New Member

Thanks Guys,

I tried to picture this as if I'm a tech inside the network, and I need all of my internal subnets to have telnet access to the router, but I want to block all outside traffic from telnetting in.

Thank you for the info!

Hall of Fame Super Bronze

access-list 102 permit tcp [local_subnet] any eq telnet

access-list 102 deny tcp any any eq telnet

access-list 102 permit ip any any

New Member

Thank you, I applied this ACL accordingly and it appears to be working.
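Added example, not part of any post in this thread: a small Python model of first-match ACL evaluation with the implicit deny at the end, run against the access lists posted above. The subnet 192.168.10.0 0.0.0.255 is a constructed stand-in for [local_subnet], the packet addresses are constructed documentation-range values, MISORDERED is a hypothetical reordering added to show why entry order matters, and the parser covers only the syntax used on this page.

```python
import ipaddress

PORTS = {"telnet": 23}  # named port used on this page

def _addr(tok):
    # Consume 'any' | 'host A' | 'NET WILDCARD' and return (address, wildcard) as ints.
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(line):
    tok = line.split()[2:]  # drop 'access-list <number>'
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    port = None
    if tok and tok.pop(0) == "eq":
        p = tok.pop(0)
        port = PORTS[p] if p in PORTS else int(p)
    return action, proto, src, dst, port

def _hit(addr, rule):
    net, wild = rule  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) | wild) == (net | wild)

def evaluate(acl, proto, src, dst, dport=None):
    # Returns (action, entry_number); entry_number None means the implicit deny.
    for n, line in enumerate(acl, 1):
        action, r_proto, r_src, r_dst, r_port = parse(line)
        if r_proto not in ("ip", proto):
            continue
        if not (_hit(src, r_src) and _hit(dst, r_dst)):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, n  # first match wins; later entries are never consulted
    return "deny", None  # nothing matched: implicit deny

DENY_ONLY = ["access-list 102 deny tcp any any eq telnet"]
ACCEPTED = DENY_ONLY + ["access-list 102 permit ip any any"]
# 192.168.10.0 0.0.0.255 is a constructed stand-in for [local_subnet]
WITH_LOCAL = ["access-list 102 permit tcp 192.168.10.0 0.0.0.255 any eq telnet"] + ACCEPTED
# Hypothetical reordering: the deny now shadows the local-subnet permit
MISORDERED = [ACCEPTED[0], WITH_LOCAL[0], ACCEPTED[1]]

if __name__ == "__main__":
    for name, acl in [("deny only", DENY_ONLY), ("accepted", ACCEPTED)]:
        print(name, evaluate(acl, "tcp", "203.0.113.5", "198.51.100.1", 443))
```

With the single deny entry, HTTPS from outside falls through to the implicit deny; adding `permit ip any any` is what lets it pass, and moving the deny above the local-subnet permit blocks the internal telnet it was meant to allow.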
