Last comment, now that I have finished the lawn and re-read the complete
question:

I sent this to one of the respondents earlier and thought I might complete
the circle here.  The issue was that telnet worked from Router B into the
10.0.0.0 network.  As cheekin states correctly, ACLs will not inspect
packets generated ON Router B, only packets travelling through the router,
so telnet FROM Router B is possible.  To prevent this, you must use the vty
filter (and obviously then control administrative access to Router B).
Commands are entered on Router B:

To prevent telnet FROM Router B into the 10.0.0.0 network:
access-list 10 deny 10.0.0.0 0.255.255.255
access-list 10 permit any
! "permit any" is needed: a standard ACL ends with an implicit deny, so a
! deny-only list would block telnet from the router to every destination
line vty 0 4
access-class 10 out
! "out" inspects the destination IP address of sessions started on the router

To prevent telnet INTO Router B:
access-list 10 deny 10.0.0.0 0.255.255.255
access-list 10 permit any
line vty 0 4
access-class 10 in
! "in" inspects the source IP address of sessions arriving at the router

Last comment: VTY filter should be applied consistently to ALL vty lines
configured (5 is default).  If you have 10 lines, then apply to line vty 0 9.

Cheers...

Dennis

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9521&t=9292
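The following Python model is an added example, not code from Dennis's post or from the GroupStudy thread. It reproduces the two rules the post relies on: a standard access list is evaluated top-down with first match and ends in an implicit deny, and `access-class ... in` checks the source address of an incoming vty session while `access-class ... out` checks the destination of a session started from the router. The router and host addresses, and the ACL lines, are constructed for illustration; the demo also shows why a deny-only ACL applied outbound blocks telnet to every destination, not just 10.0.0.0/8.

```python
"""Model of Cisco IOS standard-ACL evaluation as applied by 'access-class' on vty lines.

Constructed example: the ACL lines and IP addresses below are made up for illustration
and do not come from the original post.
"""
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # IOS 'any' == network 0.0.0.0, wildcard all-ones


def parse_standard_acl(config_lines):
    """Parse 'access-list N permit|deny <addr spec>' lines into (action, network, wildcard).

    Accepts the IOS address forms: 'any', 'host A.B.C.D', a bare address (host match),
    and 'network wildcard'. Non-ACL lines (e.g. '!' comments) are skipped.
    """
    entries = []
    for line in config_lines:
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        action = tokens[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line}")
        spec = tokens[3:]
        if spec[0] == "any":
            network, wildcard = ANY
        elif spec[0] == "host":
            network, wildcard = spec[1], "0.0.0.0"
        elif len(spec) == 1:
            network, wildcard = spec[0], "0.0.0.0"  # bare address means host match
        else:
            network, wildcard = spec[0], spec[1]
        entries.append((action, network, wildcard))
    return entries


def wildcard_match(addr, network, wildcard):
    """IOS wildcard semantics: a wildcard bit of 1 means 'don't care', 0 means 'must match'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


def evaluate(entries, addr):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, network, wildcard in entries:
        if wildcard_match(addr, network, wildcard):
            return action
    return "deny"


def vty_session_allowed(entries, direction, src, dst):
    """'access-class N in' checks the source of a session arriving at the router;
    'access-class N out' checks the destination of a session started from the router."""
    if direction == "in":
        checked = src
    elif direction == "out":
        checked = dst
    else:
        raise ValueError("direction must be 'in' or 'out'")
    return evaluate(entries, checked) == "permit"


# Constructed addresses (hypothetical, not from the post).
ROUTER_B = "192.168.1.1"
PROTECTED_HOST = "10.1.2.3"   # inside the 10.0.0.0/8 network the post protects
ADMIN_HOST = "172.16.5.5"     # a host telnet should still reach

DENY_ONLY_ACL = parse_standard_acl(["access-list 10 deny 10.0.0.0 0.255.255.255"])
FIXED_ACL = parse_standard_acl([
    "access-list 10 deny 10.0.0.0 0.255.255.255",
    "access-list 10 permit any",
])


def demo():
    """Return the outcome of each scenario so it can be inspected or asserted on."""
    return {
        "deny_only_out_to_admin": vty_session_allowed(DENY_ONLY_ACL, "out", ROUTER_B, ADMIN_HOST),
        "fixed_out_to_protected": vty_session_allowed(FIXED_ACL, "out", ROUTER_B, PROTECTED_HOST),
        "fixed_out_to_admin": vty_session_allowed(FIXED_ACL, "out", ROUTER_B, ADMIN_HOST),
        "fixed_in_from_protected": vty_session_allowed(FIXED_ACL, "in", PROTECTED_HOST, ROUTER_B),
        "fixed_in_from_admin": vty_session_allowed(FIXED_ACL, "in", ADMIN_HOST, ROUTER_B),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'permitted' if allowed else 'denied'}")
```

Running the script shows the deny-only list refusing the outbound session to 172.16.5.5 because nothing permits it, while the list with a trailing `permit any` blocks only the 10.0.0.0/8 destination (outbound) or source (inbound). The same model can be used to check a candidate `access-class` list against a set of expected management hosts before it is applied to all configured vty lines.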