Access-classes applied to VTY interfaces only block telnet traffic destined
for the router.  Blocking telnet traffic from the 10.x.x.x network to
192.168.1.x would require an extended access list.
i.e.
! telnet is TCP port 23 (port 25 is SMTP)
access-list 100 deny tcp 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255 eq 23
! an extended ACL entry needs a protocol keyword
access-list 100 permit ip any any
interface ethernet 0
 ip access-group 100 in

-----Original Message-----
From: Dennis Griffin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 21, 2001 10:33 AM
To: [EMAIL PROTECTED]
Subject: RE: Access-list [7:9292]


Not sure about this answer, so I'll put it as a WHAT IF:  What if you need
to place a VTY filter on Router B to control inbound TELNET which terminates
on the directly connected network (i.e. does not flow through the router)?

TRY:
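access-list 10 deny 10.0.0.0 0.255.255.255
! without an explicit permit, the implicit deny refuses every other source too
access-list 10 permit any
line vty 0 5
 access-class 10 in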

Router C is telnetting to the 192.168.1.0 network on B (not restricted), or
the traffic is flowing through B to get to A's network (which is
controllable by an ACL).




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9411&t=9292
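
The difference discussed in this thread, as an added example that is not part of the original messages: a small Python model of first-match ACL evaluation with wildcard masks, showing that an access-class on the VTY lines only affects sessions terminating on the router while an inbound access-group also filters transit traffic. The addresses 192.168.1.1 (Router B), 192.168.1.50, 10.1.1.1 and 172.16.0.5 are constructed, telnet is taken as TCP port 23, and ACL 10 is modeled with a trailing permit.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
TEN_NET = ("10.0.0.0", "0.255.255.255")
# Entries are (action, protocol, source, destination, destination port).
# ACL 100: extended list from the thread, with telnet as TCP port 23.
ACL_100 = [("deny", "tcp", TEN_NET, ("192.168.1.0", "0.0.0.255"), 23),
           ("permit", "ip", ANY, ANY, None)]
# ACL 10: standard (source-only) list, with an explicit permit added.
ACL_10 = [("deny", "ip", TEN_NET, ANY, None),
          ("permit", "ip", ANY, ANY, None)]

def wild_match(addr, pattern):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in pattern)
    return (int(ipaddress.IPv4Address(addr)) | wildcard) == (base | wildcard)

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry, else implicit deny."""
    for action, p, s, d, port in acl:
        if (p in ("ip", proto) and wild_match(src, s) and wild_match(dst, d)
                and port in (None, dport)):
            return action
    return "deny"

def router_b(src, dst, dport, local_addrs, vty_acl=None, in_acl=None):
    """Model Router B receiving one TCP packet on its inbound interface."""
    # ip access-group ... in: checked for every packet entering the interface.
    if in_acl is not None and evaluate(in_acl, "tcp", src, dst, dport) == "deny":
        return "dropped by access-group"
    if dst not in local_addrs:
        return "forwarded"  # transit traffic never reaches the VTY lines
    # access-class ... in: checked only for sessions terminating on the router.
    if dport == 23 and vty_acl is not None \
            and evaluate(vty_acl, "tcp", src, dst, dport) == "deny":
        return "refused by access-class"
    return "accepted by router"

if __name__ == "__main__":
    B = {"192.168.1.1"}  # constructed address for Router B
    for dst in ("192.168.1.1", "192.168.1.50"):
        print(dst, "vty only:", router_b("10.1.1.1", dst, 23, B, vty_acl=ACL_10))
        print(dst, "with 100:", router_b("10.1.1.1", dst, 23, B, ACL_10, ACL_100))
```
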