Because telnet packets destined for the router are not normally processed by
access-lists. (I don't understand why not, but hey...)

Instead, do this:

access-list y deny xx.xx.xx.xx xx.xx.xx.xx

line vty 0 n     (n = the results of a ?, usually 4)
 access-class y in

-----Original Message-----
From: McHugh Randy [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 16, 2002 4:49 PM
To: [EMAIL PROTECTED]
Subject: Dening telnet access [7:35628]


Access list problem:

Why does this extended access list not work to deny telnet access applied to
the internet interface on a 2514?

Extended IP access list 199
deny tcp any any eq telnet

interface Ethernet0
 ip access-group 199 in

I have a lot more statements than this and of course the statement
access-list 199 permit ip any any

to take care of the implicit deny all, but I can still access the router
from the internet through telnet.
Anyone have any ideas what else might be needed to prevent or selectively
allow telnet access to my router?
Thanks,
Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35738&t=35628
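
Added example, not part of either message above: a small Python audit that reads an IOS-style configuration and reports, for each "line vty" block, whether an inbound access-class is applied and whether the ACL it names is defined, which is the control the reply recommends. The sample configuration, the function names and the status labels are assumptions made for this illustration.

```python
import re

# Constructed sample config (not from the thread): vty 0-4 carries an
# inbound access-class, vty 5-15 does not. Addresses are documentation ranges.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 199 deny tcp any any eq telnet
access-list 199 permit ip any any
!
interface Ethernet0
 ip access-group 199 in
!
line vty 0 4
 access-class 10 in
 login
line vty 5 15
 login
!
"""

def _judge(block, defined):
    """Classify one vty block as ok, missing, or undefined-acl."""
    vty_range, acl = block
    if acl is None:
        return (vty_range, None, "missing")        # no inbound access-class
    if acl not in defined:
        return (vty_range, acl, "undefined-acl")   # ACL not present in config
    return (vty_range, acl, "ok")

def audit_vty(config):
    """Return [(vty_range, acl, status)] for every 'line vty' block."""
    # Numbered ACLs plus named ones ('ip access-list standard NAME')
    defined = set(re.findall(r"^access-list (\S+) ", config, re.M))
    defined |= set(re.findall(
        r"^ip access-list (?:standard|extended) (\S+)", config, re.M))
    findings, current = [], None
    for line in config.splitlines() + ["!"]:       # sentinel closes last block
        if not line.startswith(" "):               # top-level line ends a block
            if current:
                findings.append(_judge(current, defined))
                current = None
            m = re.match(r"line vty (\d+)(?: (\d+))?", line)
            if m:
                current = [f"{m.group(1)}-{m.group(2) or m.group(1)}", None]
        elif current:
            m = re.match(r"\s+access-class (\S+) in\b", line)
            if m:
                current[1] = m.group(1)
    return findings

if __name__ == "__main__":
    for vty_range, acl, status in audit_vty(SAMPLE_CONFIG):
        print(f"line vty {vty_range}: acl={acl} status={status}")
```

The interface ACL 199 in the sample is deliberately ignored by the audit: only access-class statements under the vty lines are counted.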