Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

which solution is correct?

If I was required to log all the telnet session to router R1 comming from outside with the following network topology:

outside -------(S0/0, IP addr 11.1.1.1) R1 (e0/0)-----inside

1: interface s0/0

ip access-group Incoming in

ip access-list extended Incoming

permit tcp any 11.1.1.1 eq telnet log

permit ip any any

2: line vty 0 4

access-class incoming

ip access-list standard incoming

permit any log

Which way is correct? Or both are correct?

thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: which solution is correct?

Number two will also log telnet from internal since the access-list is applied on the VTY, and the access-list permits all. In other words, it would log telnet coming from e0/0 or inside too. so, it does not meet the requirement.

Please rate helpful posts.

1 REPLY

Re: which solution is correct?

Number two will also log telnet from internal since the access-list is applied on the VTY, and the access-list permits all. In other words, it would log telnet coming from e0/0 or inside too. so, it does not meet the requirement.

Please rate helpful posts.

105
Views
0
Helpful
1
Replies