Not sure of your network topology but it looks as if all you have done is to prevent users on the ethernet interface from using telnet. You can apply an 'access-class' (which works identically to access-group on a physical interface) to your vty lines to restrict telnet access from outside into your router.
ex: router#(config)line vty 0 4 router#(config-line)access-class 99 in router#(config)access-list 99 permit 1.1.1.1 McHugh Randy wrote: > > Access list problem: > > Why does this extended access list not work to deny telnet > access applied to the internet interface on a 2514? > > Extended IP access list 199 > deny tcp any any eq telnet > > interface Ethernet0 > > ip access-group 199 in > > I have alot more statments than this and of course the statement > access-list 199 permit ip any any > > to take care of the implicit deny all , but I can still access > the router from the internet through telnet. > Anyone have any ideas what else might be needed to prevent of > selectivly allow telnet access to my router. > Thanks, > Randy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35630&t=35628 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
