Why is the specified ACL blocking telnet to the given host?

NaderHussain · ‎04-03-2019

The below ACL is blocking telnet access when it is supposed to be permitting it. Why is this happening?

access-list 102 permit tcp any host 208.190.2.2 eq telnet
access-list 102 deny ip any any

interface Serial0/0/0
ip address 208.190.2.1 255.255.255.252
ip access-group 102 out
clock rate 128000

!

There are no matches for the first line when I enter in the first command for telnet as indicated below.

telnet 208.190.2.2

I get matches for the deny statement.

luis_cordova · ‎04-03-2019

Hi @NaderHussain ,

Query: Before applying the ACL, does telnet work?
Anyway, a small diagram of your network with the location of the devices could help us see what the problem is.

Regards

Jaderson Pessoa · ‎04-03-2019

@NaderHussain hello,

23/TCP,UDP

Telnet protocol - unencrypted text communication

Try allow the udp protocol to telnet and test again.

Thanks in advance.

Jaderson Pessoa
*** Rate All Helpful Responses ***

GRANT3779 · ‎04-04-2019

Hi Nader,

I don't think you have provided enough information to help us properly troubleshoot this with you so a lot of answers may be based on assumptions.

When you run the telnet 208.190.2.2 command, are you doing this direct from the router CLI that has the Serial Interface and access list ? If so, then the ACL would not be used for traffic sourced from the router itself. The ACL as far as I am aware is for traffic transiting the router and not anything sourced from the device directly.

Is the end device configured for telnet access etc..?

NaderHussain · ‎04-04-2019

Here is a diagram of the topology in the attached file.

The same type of ACL permitting telnet to another router worked. Only this one blocks all traffic. Any help would be good.