Try permitting based on IP address only, e.g.
access-list 199 permit ip x.x.x.x 0.0.0.255 host y.y.y.y
still the same result, all the ip's are blocked.
Well you are allowing TCP port 22 from x.x.x.x/24 to any destination, which
will be any IP address on the router. But that doesn't
Aaron Riemer [EMAIL PROTECTED] wrote: Hi,
I was under the impression that vty ACL's only filter by source addresses.
i.e. standard ACL's only.
At first I thought that since VTY lines are for SSH access, there is no need to
add an extended access-list, to allow ssh on those lines.
I found on
Aaron Daubman [EMAIL PROTECTED] wrote: Catalin,
...
Is this a normal behavior of the IOS, to block access to all the ip's,
including to the one that is supposed to be allowed?
While not explicitly called out, I believe the intent is to use a
'standard' access list with one's vty
access list (expanded range)
- Original Message -
From: Jared Mauch
To: Collins, Richard (SNL US)
Cc:
Sent: Friday, September 14, 2007 1:44 AM
Subject: Re: [c-nsp] vty access-list
On Thu, Sep 13, 2007 at 08:55:07AM -0700, Collins, Richard (SNL US) wrote:
Yes I think that you have
Technologies, Inc.
954-298-1697
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of C and C
Dominte
Sent: Friday, September 14, 2007 2:54 AM
To: Tom Storey; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] vty access-list
Try permitting based on IP address only, e.g
Hi,
I am trying to filter SSH access on a router from outside by source and
destination ip address. To be more clear, the source SSH access is the
outside /24 network x.x.x.x, and the destination SSH IP is one of the
router's ip's. I want to be able to cut the ssh listening on all the ip's
from
Catalin,
...
Is this a normal behavior of the IOS, to block access to all the ip's,
including to the one that is supposed to be allowed?
While not explicitly called out, I believe the intent is to use a
'standard' access list with one's vty access-class statements. To
that end, an extend
Try using an access-class on the VTY and a simple acl (number 1-99) instead.
---rob
C and C Dominte [EMAIL PROTECTED] writes:
Hi,
I am trying to filter SSH access on a router from outside by source and
destination ip address. To be more clear, the
: Thursday, September 13, 2007 10:58 AM
To: C and C Dominte
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] vty access-list
Catalin,
...
Is this a normal behavior of the IOS, to block access to all
the ip's, including to the one that is supposed to be allowed?
While not explicitly called out, I
PROTECTED]
Subject: Re: [c-nsp] vty access-list
To: C and C Dominte [EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii
Try using an access-class on the VTY and a simple acl (number 1-99)
instead
On Thu, Sep 13, 2007 at 08:55:07AM -0700, Collins, Richard (SNL US) wrote:
Yes I think that you have to use a standard access-list on the VTY. I
No, you can use an extended access-list as well.
2610(config-line)#access-class ?
1-199 IP access list
1300-2699 IP expanded access
If your router can do it, try to use ip receive access-list.
Good luck.
Cheers,
Leonardo Gama
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
Yes.
This is what we do for SNMP.
Dale
On Sep 13, 2007, at 10:12 AM, Fred Reimer wrote:
If the device supports CPP can't you put an ACL on the
control-plane to handle all interfaces at once?