Hello Eugene,

Good question. One reason that comes to mind right away is the fact that applying an ACL on an interface, blocking the traffic WILL work, but it will also BLOCK the management traffic headed to other devices which has to pass through that router.

Ex:

R1 <-------> fa 0/0 R2 fa 0/1 <-----------> R3

By applying an ACL on the fa 0/0 of R2 in the ingress direction, you can effectively block all telnet traffic headed to R2 from R1, but you will inadvertently be blocking the telnet traffic headed to R3 as well. For this, the ideal solution would be to only block traffic headed to the "CONTROL" plane of R2, which can be done using Control-plane Policing / Protection.

Hope this helps,

Cheers,
TacACK
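The two approaches compared in the reply above, written out as an IOS configuration sketch for R2; this is an added example, not part of the original post. The ACL, class-map and policy-map names are made up for illustration, and the `drop` action under the control-plane policy assumes an IOS release that supports it.

```cisco
! --- Approach 1: ACL on the ingress interface (fa 0/0 of R2) ---
! Drops every telnet packet arriving from R1, including transit
! sessions that are only passing through R2 on their way to R3.
ip access-list extended BLOCK-TELNET-IN
 deny   tcp any any eq telnet
 permit ip any any
!
interface FastEthernet0/0
 ip access-group BLOCK-TELNET-IN in
!
! --- Approach 2: Control-plane Policing on R2 ---
! The policy is attached to the control plane, so it only sees
! packets punted to R2 itself. Telnet from R1 to R3 is forwarded
! in the data plane and never hits this policy.
ip access-list extended TELNET-TO-CONTROL-PLANE
 permit tcp any any eq telnet
!
class-map match-all CM-TELNET
 match access-group name TELNET-TO-CONTROL-PLANE
!
policy-map PM-COPP-IN
 class CM-TELNET
  drop
!
control-plane
 service-policy input PM-COPP-IN
!
! Check the per-class match and drop counters with:
!   show policy-map control-plane
```

With only approach 2 applied, a telnet from R1 to R2 should time out while a telnet from R1 to R3 still connects, and the counters for the CM-TELNET class should increase only for the first attempt.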
