Hi Folks,
I have a doubt about access-lists. I have the following topology:
Router A
Ethernet 0
10.0.0.1
|
|
10.0.0.2
FastEth0
Router B
Serial 0.1
192.168.1.1
|
|
192.168.1.2
Serial 0.1
Router C
I wanted to block telnet TO and FROM network 10.0.0.0. I created an
access-list as follows:
ip access-list extended LAN
 deny tcp any any eq telnet
 permit ip any any
I applied it to Router B on the Fast Ethernet 0 interface this way:
interface FastEthernet0
 ip access-group LAN in
 ip access-group LAN out
Doing this, I really blocked telnet from network 10.0.0.0 to routers B and C.
I also blocked router C from telnetting to router A (or any other host on
network 10.0.0.0). But, surprisingly to me, I'm still able to telnet to Router
A from Router B!
My question is: since I blocked telnet traffic on the interface Fast
Ethernet 0 on router B for inbound and outbound, shouldn't this block my
telnets from B to A? What is missing here?
Thanks in advance!
Ednilson Rosa
CCNA
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9292&t=9292
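
The behaviour reported in the post can be reproduced with a small model, added here as an example that is not part of the original message. It assumes classic Cisco IOS interface ACL processing, where an outbound access-group filters transit packets but not packets the router generates itself; the device labels, function names and ephemeral port are constructed for illustration.

```python
# Added illustration: simplified model of how classic Cisco IOS applies the
# post's ACL on Router B's FastEthernet0. Names below are constructed.
from dataclasses import dataclass

TELNET = 23
LAN_SIDE = {"A"}  # devices reached through Router B's FastEthernet0

@dataclass(frozen=True)
class Packet:
    src: str    # originating device: "A", "B" or "C"
    dst: str
    proto: str
    sport: int
    dport: int

def acl_lan(pkt: Packet) -> bool:
    """ACL 'LAN' from the post; True means permit."""
    if pkt.proto == "tcp" and pkt.dport == TELNET:  # deny tcp any any eq telnet
        return False
    return True                                     # permit ip any any

def passes_router_b(pkt: Packet) -> bool:
    """Apply 'ip access-group LAN in' and '... out' on FastEthernet0."""
    if pkt.src in LAN_SIDE:
        # Arrives on Fa0: the inbound ACL checks it, even if addressed to B.
        return acl_lan(pkt)
    if pkt.dst in LAN_SIDE:
        if pkt.src == "B":
            # Generated by Router B itself: the outbound interface ACL is
            # not applied to locally originated packets.
            return True
        return acl_lan(pkt)  # transit traffic (from C) leaving via Fa0
    return True              # never crosses Fa0

def telnet_works(client: str, server: str, eph: int = 40000) -> bool:
    """A session needs the client's SYN and the server's reply to pass."""
    syn = Packet(client, server, "tcp", eph, TELNET)
    reply = Packet(server, client, "tcp", TELNET, eph)
    return passes_router_b(syn) and passes_router_b(reply)

def results() -> dict:
    pairs = [("A", "B"), ("A", "C"), ("C", "A"), ("B", "A")]
    return {f"{c}->{s}": telnet_works(c, s) for c, s in pairs}

if __name__ == "__main__":
    for flow, ok in results().items():
        print(f"telnet {flow}: {'works' if ok else 'blocked'}")
```

The reply from Router A also passes the inbound check because its destination port is the ephemeral port, not 23. To stop sessions sourced from Router B, the filter has to sit where the packet is received, for example inbound on Router A's Ethernet 0 or as an access-class on Router A's vty lines.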