Actually telnet packets are processed by inbound access-list. Now if your refering to outbound access-lists then you would be correct.
Dave "Hire, Ejay" wrote: > > Because telnet packets destined for the router are not normally processed by > access-lists. (i don't understand why not, but hey...) > > instead do this > > access-list y deny xx.xx.xx.xx xx.xx.xx.xx > > line vty 0 n (n = the results of a ?, usually 4) > access-class y > > -----Original Message----- > From: McHugh Randy [mailto:[EMAIL PROTECTED]] > Sent: Saturday, February 16, 2002 4:49 PM > To: [EMAIL PROTECTED] > Subject: Dening telnet access [7:35628] > > Access list problem: > > Why does this extended access list not work to deny telnet access applied to > the internet interface on a 2514? > > Extended IP access list 199 > deny tcp any any eq telnet > > interface Ethernet0 > > ip access-group 199 in > > I have alot more statments than this and of course the statement > access-list 199 permit ip any any > > to take care of the implicit deny all , but I can still access the router > from the internet through telnet. > Anyone have any ideas what else might be needed to prevent of selectivly > allow telnet access to my router. > Thanks, > Randy -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35742&t=35628 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
