The information is found in the ICND course notes.  Look under the access
list configuration guidelines.

Hope this clarifies your doubt.

cheekin

----- Original Message -----
From: "Ednilson Rosa" 
To: 
Sent: Saturday, June 23, 2001 01:00
Subject: Re: Access-list [7:9292]


> Hi Dennis!
>
> In fact I suspected this before. But I have not seen in any book that
> access-lists don't filter packets originated on the router itself. I may
> not have looked very well, but maybe this should be better emphasized in
> books, since their approach may lead to this kind of misunderstanding.
> Access-class is really the solution for this case but I think it must be
> also applied for the console and aux ports, which could also be used to
> telnet to Network A.
>
> Thanks for your reply!
>
> ER
> CCNA
>
> ----- Original Message -----
> From: "Dennis Griffin"
> To:
> Sent: Friday, June 22, 2001 12:02 PM
> Subject: RE: Access-list [7:9292]
>
>
> Last comment, now that I have finished the lawn and re-read the complete
> question:
>
> I sent this to one of the respondents earlier and thought I might complete
> the circle here.  The issue was that telnet worked from Router B into the
> 10.0.0.0 network.  As cheekin states correctly, ACLs will not inspect
> packets generated ON Router B, only packets travelling through the router,
> so telnet FROM Router B is possible.  To prevent this, you must use the vty
> filter (and obviously then control administrative access to Router B).
> Commands are entered on Router B:
>
> To prevent telnet FROM Router B into the 10.0.0.0 network:
> access-list 10 deny 10.0.0.0 0.255.255.255
> line vty 0 4
> access-class 10 OUT (inspects destination IP address)
>
> To prevent telnet INTO Router B:
> access-list 10 deny 10.0.0.0 0.255.255.255
> line vty 0 4
> access-class 10 IN (inspects source IP address)
>
> Last comment: VTY filter should be applied consistently to ALL vty lines
> configured (5 is default).  If you have 10 lines, then apply to line vty 0
> 9.
>
> Cheers...
>
> Dennis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9677&t=9292
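
Added example, not part of the original thread: a small Python model of how a standard ACL with a wildcard mask is evaluated when it is used as an access-class, comparing a list that holds only the deny line with one that also ends in `permit any`. The `permit any` line, the function names and the 172.16.x / 192.168.x addresses are constructed for illustration.

```python
import ipaddress

def parse_acl(lines):
    """Parse standard ACL lines: access-list N {permit|deny} {any | ADDR [WILDCARD]}."""
    rules = []
    for line in lines:
        tok = line.split()
        action, spec = tok[2], tok[3:]
        if spec[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(spec[0]))
            # No wildcard given means an exact host match.
            wild = int(ipaddress.IPv4Address(spec[1])) if len(spec) > 1 else 0
        rules.append((action, addr, wild))
    return rules

def evaluate(rules, ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(ip))
    for action, addr, wild in rules:
        # Wildcard bits set to 1 are ignored in the comparison.
        if (ip | wild) == (addr | wild):
            return action
    return "deny"

def vty_allowed(rules, direction, src, dst):
    """access-class in tests the client's source address;
    access-class out tests the destination of a telnet started from the vty."""
    return evaluate(rules, src if direction == "in" else dst) == "permit"

DENY_ONLY = parse_acl(["access-list 10 deny 10.0.0.0 0.255.255.255"])
WITH_PERMIT = parse_acl([
    "access-list 10 deny 10.0.0.0 0.255.255.255",
    "access-list 10 permit any",
])

if __name__ == "__main__":
    # Constructed addresses: 172.16.0.1 stands in for Router B.
    for name, acl in (("deny only", DENY_ONLY), ("deny + permit any", WITH_PERMIT)):
        for dst in ("10.1.2.3", "192.168.5.9"):
            print(name, "out ->", dst, vty_allowed(acl, "out", "172.16.0.1", dst))
        for src in ("10.1.2.3", "192.168.5.9"):
            print(name, "in <-", src, vty_allowed(acl, "in", src, "172.16.0.1"))
```

With only the deny line, every address falls through to the implicit deny, so the vty filter blocks all telnet in that direction rather than just the 10.0.0.0 network.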