Hi all
I have configured the router for login block.
router(config)#login block-for 60 attempts 2 within 5
The following is the ACL configured on vty lines.
router#sh access-lists
Extended IP access list sl_def_acl
10 deny tcp any any eq telnet log
20 deny tcp any any eq www log
30 deny tcp any any eq 22 log
40 permit tcp any any eq 22 log
As per the Cisco docs, the login block feature blocks all the telnet and ssh
connections. But, if you observe the ACEs, there is one for HTTP too.
Also take a look at the last one; it permits ssh.
Sometimes, I see the ACL applied to the aux and con lines too.
Seems some type of bug.
Any thoughts?
With regards
Kings