Hi Kingsley,

Firstly, an HTTP question - HTTP login block and login delay support is in
releases 12.2(33)SXH and 12.4(16)T and later.
SOURCE -
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_login.html
So the question is what is your IOS version?

The permit statement doesn't really matter, because all SSH access is blocked
with line 30 in your ACL. How does this ACL look without active blocking?

If the ACL is applied to CON/AUX only from time to time, I would say that it
looks like a bug. If it is applied always, then it may be the way this
feature works.
Unfortunately I don't have any routers at the moment to test it.

Regards,

Seba

###

On 6 November 2010 11:43, Kingsley Charles <[email protected]> wrote:

> Hi all
>
> I have configured the router for login block.
>
> router(config)#login block-for 60  attempts 2 within 5
>
> The following is the ACL configured on vty lines.
>
> router#sh access-lists
> Extended IP access list sl_def_acl
>     10 deny tcp any any eq telnet log
>     20 deny tcp any any eq www log
>     30 deny tcp any any eq 22 log
>     40 permit tcp any any eq 22 log
>
> As per the Cisco docs, the login block feature blocks all the telnet and
> ssh connections. But, if you observe the ACEs, there is one for HTTP too.
> Also take a look at the last one, it permits ssh.
>
> Sometimes, I see the ACL applied to aux and con line too.
>
>
> Seems some type of bug.
>
> Any thoughts?
>
> With regards
> Kings
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>
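The observation in the reply above, that sequence 30 makes the permit at sequence 40 unreachable, can be checked mechanically. The following is an added example, not part of the original thread and not Cisco code: a Python check over the `show access-lists` output quoted in the thread. The function names are hypothetical, and it assumes only the `any` and `host x.x.x.x` address forms.

```python
import re

# Constructed sample: the ACL exactly as quoted in the thread.
SAMPLE = """\
Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet log
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22 log
    40 permit tcp any any eq 22 log
"""

PORTS = {"telnet": 23, "www": 80}  # IOS port keywords that appear above

# Assumption: addresses are `any` or `host A.B.C.D`; other lines are skipped.
ACE_RE = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host \S+)\s+(?P<dst>any|host \S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?")

def parse_aces(text):
    """Return one dict per ACE line, with numeric seq and port."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if not m:
            continue  # header line or unsupported syntax
        ace = m.groupdict()
        ace["seq"] = int(ace["seq"])
        p = ace["port"]
        if p is not None:
            ace["port"] = PORTS.get(p, int(p) if p.isdigit() else p)
        aces.append(ace)
    return aces

def covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    return (earlier["proto"] in ("ip", later["proto"])
            and earlier["src"] in ("any", later["src"])
            and earlier["dst"] in ("any", later["dst"])
            and earlier["port"] in (None, later["port"]))

def find_shadowed(aces):
    """List (shadowed_seq, shadowing_seq, effective_action) tuples."""
    findings = []
    for i, later in enumerate(aces):
        for earlier in aces[:i]:  # first match wins, so order matters
            if covers(earlier, later):
                findings.append((later["seq"], earlier["seq"], earlier["action"]))
                break
    return findings

if __name__ == "__main__":
    for seq, by, action in find_shadowed(parse_aces(SAMPLE)):
        print(f"ACE {seq} is never reached: ACE {by} matches first ({action})")
```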