Cisco Support Community

Cannot Telnet to 3725

Found this in my router:

Extended IP access list sl_def_acl

10 deny tcp any any eq telnet log

20 deny tcp any any eq www log

30 deny tcp any any eq 22 log

40 permit ip any any log

I did not add this and I cannot get rid of it.

Any ideas?

It does not show up in sh run either. It is almost like a self-aware threat that added the ACL, but now I cannot get rid of it.

5 REPLIES

Re: Cannot Telnet to 3725

Hello.

It is an automatic ACL that is applied when you configure the new IOS login enhancements.

This link has all the information you need:

http://blog.ioshints.info/2006/12/cisco-ios-login-enhancements.html

Kind Regards

Simon


Re: Cannot Telnet to 3725

Any idea how to get rid of it?

Re: Cannot Telnet to 3725

Hi.

The options you have are to either remove the enhanced login config or create a quiet mode ACL of your own:

login quiet-mode access-class [ACL]

This will overwrite the sl_def_acl with a more meaningful name.

However, don't feel you have to get rid of it; it is correct in being there.

Simon
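
The quiet-mode ACL option described in the reply above, written out as an added example that is not part of the original thread or Cisco's own configuration. The ACL name MGMT-QUIET, the 192.0.2.0/24 management subnet and the block-for timers are assumptions chosen for illustration.

```cisco
! Constructed example: 192.0.2.0/24 stands in for the management subnet.
! Sources permitted here can still reach the login prompt while the
! router is in quiet mode; all other sources are refused until it ends.
ip access-list standard MGMT-QUIET
 permit 192.0.2.0 0.0.0.255
!
! login block-for enables the login enhancements and must be configured
! before the other login commands. Values are illustrative: enter quiet
! mode for 120 seconds after 3 failed logins within 60 seconds.
login block-for 120 attempts 3 within 60
!
! Use the ACL above during quiet mode in place of the auto-generated
! sl_def_acl, which denies telnet, www and port 22 from any source.
login quiet-mode access-class MGMT-QUIET
!
! Log login attempts so quiet-mode triggers can be traced to a source.
login on-failure log
login on-success log
```

After applying it, 'show login' reports whether the router is currently in quiet mode and which quiet-mode access list is in use.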


Re: Cannot Telnet to 3725

It is correct but I cannot telnet to my router so I need to either get rid of it or use something else so I can log in.

Re: Cannot Telnet to 3725

Hello.

Seeing this ACL does not necessarily mean it is applied to the VTY line. It is only applied when the IOS login enhancements enter silent mode.

If you remove all your enhanced login commands does telnet work?

If no, then you need to troubleshoot the telnet problem like normal and disregard the ACL you are concentrating on.

If yes, then you need to give us more information like:

1) 'show login' (during problem)

2) 'show login failures' (during problem)

3) all the login commands you have configured

4) the line vty configuration

Simon
