You made me try it... :) I configured this on the MSFC:
access-list 100 deny ip any any log ! line vty 0 4 access-class 100 in and I was still able to use 'session' to get to it. Does anyone have different experience? FWIW, I also checked the TCP connections on the MSFC, and when a 'session' is open, it does show a TCP connection between 127.0.0.12:23 (local) and 127.0.0.11:1025 (local). And when I configured a password on the vty's, I was subsequently required to enter that password for a 'session'. So it looks like telnet, walks like telnet, ... :) OK, now back to work... ;( Thanks, Zsombor At 06:01 PM 6/25/2003 +0000, Marco Eulenfeld wrote: >Hy, > > > but uses a system default Loopback address (127.0.0.x). When I session > > over, it shows that I came from 127.0.0.y. > > > > Any thoughts...? > >you are right :-) It does use a telnet-session. If you use an ACL on >your vty's, you can include/exclude the 127.0.0.x range to allow / >reject telnet-sessions from the switching-engine (if you telnet/ssh on >the sw-engine). As mentioned before, you can use the "switch console" >while you have access to the consle of the 65xx. > >Regards, > >Marco > >[GroupStudy removed an attachment of type application/pgp-signature] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71376&t=71340 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
