
Cannot Telnet to 3725

Rick Morris
Level 6

Found this in my router:

Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet log
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22 log
    40 permit ip any any log

I did not add this and I cannot get rid of it.

Any ideas?

It does not show up in sh run either. It is almost like a self-aware threat that added the ACL but now I cannot get rid of it.

5 Replies

simontibbitts
Level 1

Hello.

It is an automatic ACL that is applied when you configure the new IOS login enhancements.

This link has all the information you need:

http://blog.ioshints.info/2006/12/cisco-ios-login-enhancements.html

Kind Regards

Simon

Any idea how to get rid of it?

Hi.

The options you have are to either remove the enhanced login config or create a quiet mode ACL of your own:

login quiet-mode access-class [ACL]

This will overwrite the sl_def_acl with a more meaningful name.

However, don't feel you have to get rid of it; it is correct in being there.

Simon
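
An added example, not from any poster in this thread: a login-enhancement configuration that replaces the default quiet-mode ACL so a management subnet can still reach the router during quiet mode. The ACL name MGMT-QUIET, the 192.0.2.0/24 subnet and the block-for thresholds are assumptions.

```cisco
! Added example. ACL name, subnet and thresholds below are assumptions.
!
! Management hosts that must keep access while the router is in quiet mode
! (192.0.2.0/24 is a documentation range; substitute your admin subnet).
ip access-list standard MGMT-QUIET
 permit 192.0.2.0 0.0.0.255
 deny   any log
!
! Enter quiet mode for 120 s after 3 failed logins within 60 s.
login block-for 120 attempts 3 within 60
!
! Without the next line, quiet mode applies the auto-generated sl_def_acl,
! which denies telnet, www and 22 from every source.
login quiet-mode access-class MGMT-QUIET
!
! Log failed and successful attempts so quiet-mode triggers are traceable.
login on-failure log
login on-success log
!
! Verify the current state and the failures that triggered it:
!   show login
!   show login failures
```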

It is correct but I cannot telnet to my router so I need to either get rid of it or use something else so I can log in.

Hello.

Seeing this ACL does not necessarily mean it is applied to the VTY line. It is only applied when the IOS login enhancements enter silent mode.

If you remove all your enhanced login commands does telnet work?

If no, then you need to troubleshoot the telnet problem like normal and disregard the ACL you are concentrating on.

If yes, then you need to give us more information like:

1) 'show login' (during problem)

2) 'show login failures' (during problem)

3) all the login commands you have configured

4) the line vty configuration

Simon
