Denying Telnet on an interface via Internet

tjerkins
Level 1

Probably an easy one for you guys.

I want to deny telnet access to my router interface (MC3810) facing the internet. I've tried setting access lists but it doesn't work. My internal addressing is 10.4.0.0. Here is what I've done so far.

access-list 100 permit tcp 10.0.0.0 0.255.255.255 0.0.0.1 255.255.255.224 eq telnet
access-list 100 permit udp 10.0.0.0 0.255.255.255 0.0.0.1 255.255.255.224 eq 23
access-list 110 deny udp any 0.0.0.1 255.255.255.224 eq 23
access-list 110 deny tcp any 0.0.0.1 255.255.255.224 eq telnet

This configuration doesn't work. I can still log in from home. What did I do wrong?

Thanks in advance,

-Troy

2 Replies

yusuff
Cisco Employee

To deny telnet to your router, you need to create an ACL just like above and apply it to the vty lines and not your serial or ethernet interface.

e.g.:

access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 1.1.1.1 eq 23
access-list 100 deny ip any any
line vty 0 4
 access-class 100 in

HTH

R/Yusuf

chris.burton
Level 1

You need to issue the following command under the tty/vty configs.

ip access-class in
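
The replies above come down to one check: an ACL only restricts Telnet to the router once it is attached to the vty lines with access-class. The script below is an added example, not part of the original thread or any Cisco tooling; it audits a saved running-config for vty line blocks that lack an inbound access-class or that reference an ACL the config never defines. The sample config and the name audit_vty are constructed for illustration.

```python
import re

# Constructed sample running-config: ACL 100 exists, but only vty 0-4 uses it.
SAMPLE_CONFIG = """\
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 1.1.1.1 eq 23
access-list 100 deny ip any any
!
line con 0
line vty 0 4
 access-class 100 in
 login
line vty 5 15
 login
!
end
"""


def audit_vty(config):
    """Return (vty_block, problem) pairs for vty lines without a usable inbound ACL."""
    # Numbered ACLs ("access-list 100 ...") and named ACLs ("ip access-list extended NAME").
    defined = set(re.findall(r"^access-list (\d+) ", config, re.M))
    defined |= set(re.findall(r"^ip access-list \w+ (\S+)", config, re.M))

    findings = []
    header, acl = None, None
    # The trailing "!" guarantees the last block is closed and evaluated.
    for raw in config.splitlines() + ["!"]:
        if not raw.startswith(" "):
            # An unindented command ends whatever "line vty" block was open.
            if header is not None:
                if acl is None:
                    findings.append((header, "no inbound access-class"))
                elif acl not in defined:
                    findings.append((header, f"access-class {acl} references an undefined ACL"))
            header = raw.strip() if raw.startswith("line vty") else None
            acl = None
        elif header is not None:
            m = re.match(r"\s+access-class (\S+) in\b", raw)
            if m:
                acl = m.group(1)
    return findings


if __name__ == "__main__":
    for block, problem in audit_vty(SAMPLE_CONFIG):
        print(f"{block}: {problem}")
```

Run it against a saved copy of the running-config; any vty range it reports is still reachable by Telnet from whatever source addresses can route to the router.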