I believe that telnet and ssh are run all or none deals. What I mean by this is they are not running on 1 interface per say (well you actually can do what you want by choosing which interface you apply the access list to); they are running on all interfaces for the router (meaning if you don't filter traffic with an access list people can reach the service from all interfaces). Why not write an extended access list (101 - 199) and permit specific ips (or ip ranges) to access port 23 (if you have the enterprise IOS you should just get rid of telnet all together and run ssh) if you choose to run ssh just permit access to port 22. Just apply the access list to the interface you want people to reach it from. By default there is a catch all deny rule at the end so if you don't permit telnet or ssh in the access list applied to your serial 0/0 it will by default be denied. If you need help with the syntax or writing acls please feel free to contact me off list.
Best regards and HTH, Leon -----Original Message----- From: Kevin Brooks [mailto:[EMAIL PROTECTED]] Sent: Monday, May 20, 2002 12:21 PM To: [EMAIL PROTECTED] Subject: Cisco IOS question On my cisco 3600 router. How can I disable telnet into serial 0/0. I do need to leave telnet open on FastEth0/0 but I don't want anyone to be able to telnet in from the outside. Any Ideas? Thanks __________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com
