If you are trying to restrict telnet access to the router to only those addresses (192.168.1.0 to 192.168.7.0), you need at least two lines in the access list. If you can let 192.168.0.0 /24 through as well, then you can get it down to one line.
Rather than using an extended access list, you can use a standard access list and then apply it as an access class to the VTY lines. Something like this: access-list 31 deny 192.168.0.0 0.0.0.255 access-list 31 permit 192.168.0.0 0.0.0.7.255 line vty 0 4 access class 31 in Forget the first line if you can let 192.168.0.0 /24 through. Anybody's welcome to chip in if I missed something, or even totally screwed it up. World Cup fever has hit and still recovering. (Any French list members - ho ho - sorry!) What do you call a Frenchman in the 2nd round of the world cup? Referee! Gaz ""GEORGE"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > If I wanted to apply a access list to allow only networks from > 192.168.1.0 to 192.168.7.0 and apply it to the vty lines > > is this correct > > access-list 101 allow tcp 192.168.1.0 0.0.6.255 eq 23 any > ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45588&t=45585 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
