Packets originating from the router will not be subjected to access list
checking.  Therefore you should be able to telnet to Router A from Router B.

cheekin

----- Original Message -----
From: "Ednilson Rosa" 
To: 
Sent: Thursday, June 21, 2001 10:38
Subject: Access-list [7:9292]


> Hi Folks,
>
> I have a doubt about access-lists. I have the following topology:
>
>   Router A
>   Ethernet 0
>   10.0.0.1
>         |
>         |
>   10.0.0.2
>   FastEth0
>   Router B
>   Serial 0.1
> 192.168.1.1
>         |
>         |
>  192.168.1.2
>   Serial 0.1
>   Router C
>
> I wanted to block telnet TO and FROM network 10.0.0.0. I created an
> access-list as follows:
>
> ip access-list extended LAN
>   deny   tcp any any eq telnet
>   permit ip any any
>
> Applied it to Router B on Fast Ethernet 0 interface this way:
>
> interface FastEthernet0
>   ip access-group LAN in
>   ip access-group LAN out
>
> Doing this I really blocked telnet from network 10.0.0.0 to routers B and C.
> I also blocked router C from telnetting to router A (or any other host on
> network 10.0.0.0). But, surprisingly to me, I'm still able to telnet Router
> A from Router B!
>
> My question is: since I blocked telnet traffic on the interface Fast
> Ethernet 0 on router B for inbound and outbound, shouldn't this block my
> telnets from B to A?? What is missing here?
>
> Thanks in advance!
>
> Ednilson Rosa
> CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9482&t=9292
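
The behaviour described in the reply above, as an added example that is not part of the original messages: a simplified Python model of how Router B evaluates the posted ACL, covering the flows from the question plus the return packets of B's own telnet session. The function names, the choice of 10.0.0.2 as the source address of B's telnet, and the client port 40000 are assumptions made for the illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport")

# ACL "LAN" from the post as (action, protocol, destination port; None = any).
ACL_LAN = [("deny", "tcp", 23), ("permit", "ip", None)]
# Applied on Router B exactly as posted: FastEthernet0, both directions.
ACLS = {("FastEthernet0", "in"): ACL_LAN, ("FastEthernet0", "out"): ACL_LAN}
ROUTER_B = {"10.0.0.2", "192.168.1.1"}  # Router B's own addresses

def acl_permits(acl, pkt):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, proto, dport in acl:
        if proto in ("ip", pkt.proto) and dport in (None, pkt.dport):
            return action == "permit"
    return False

def iface_for(addr):
    # Interface of Router B facing this address (two-network topology).
    return "FastEthernet0" if addr.startswith("10.0.0.") else "Serial0.1"

def router_b_handles(pkt):
    """Return (passed, reason) for one packet at Router B."""
    local = pkt.src in ROUTER_B  # generated by Router B itself
    if not local:
        in_if = iface_for(pkt.src)
        acl = ACLS.get((in_if, "in"))
        if acl and not acl_permits(acl, pkt):
            return False, f"denied inbound on {in_if}"
    if pkt.dst in ROUTER_B:
        return True, "delivered to Router B"
    out_if = iface_for(pkt.dst)
    acl = ACLS.get((out_if, "out"))
    if acl and local:
        return True, f"router-originated, outbound ACL on {out_if} not checked"
    if acl and not acl_permits(acl, pkt):
        return False, f"denied outbound on {out_if}"
    return True, f"forwarded out {out_if}"

if __name__ == "__main__":
    # Constructed sample flows; 40000 is an assumed ephemeral client port.
    flows = {
        "A -> B telnet": Packet("10.0.0.1", "10.0.0.2", "tcp", 23),
        "C -> A telnet": Packet("192.168.1.2", "10.0.0.1", "tcp", 23),
        "B -> A telnet": Packet("10.0.0.2", "10.0.0.1", "tcp", 23),
        "A -> B reply (src port 23)": Packet("10.0.0.1", "10.0.0.2", "tcp", 40000),
    }
    for name, pkt in flows.items():
        print(name, router_b_handles(pkt))
```

The last flow shows why the session completes: the deny entry matches destination port 23 only, so Router A's replies (source port 23) fall through to the permit entry on the inbound check.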