07-21-2002 02:43 PM - edited 03-02-2019 12:02 AM
Probably an easy one for you guys.
I want to deny telnet access to my router interface (MC3810) facing the internet. I've tried setting access lists but it doesn't work. My internal addressing is 10.4.0.0. Here is what I've done so far.
access-list 100 permit tcp 10.0.0.0 0.255.255.255 0.0.0.1 255.255.255.224 eq telnet
access-list 100 permit udp 10.0.0.0 0.255.255.255 0.0.0.1 255.255.255.224 eq 23
access-list 110 deny udp any 0.0.0.1 255.255.255.224 eq 23
access-list 110 deny tcp any 0.0.0.1 255.255.255.224 eq telnet
This configuration doesn't work. I can still log in from home. What did I do wrong?
Thanks in advance,
-Troy
07-21-2002 03:44 PM
To deny telnet to your router, you need to create an ACL just like above and apply it to the vty lines and not your serial or ethernet interface.
e.g.:
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 1.1.1.1 eq 23
access-list 100 deny ip any any
line vty 0 4
access-class 100 in
HTH
R/Yusuf
07-25-2002 12:23 PM
You need to issue the following command under the tty/vty configs.
ip access-class
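An added example, not part of the thread and not Cisco code: a small Python audit of a saved IOS configuration for the point made in the replies above, that the ACL has to be attached to the vty lines with access-class rather than only to an interface. The sample configuration, its 192.0.2.1 address and the function name audit_vty are constructed for illustration.

```python
import re

# Constructed sample running-config (not the router from the thread).
SAMPLE_CONFIG = """\
interface Serial0
 ip address 192.0.2.1 255.255.255.224
 ip access-group 110 in
!
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 192.0.2.1 eq 23
access-list 100 deny ip any any
access-list 110 deny tcp any host 192.0.2.1 eq telnet
!
line vty 0 4
 access-class 100 in
 login
line vty 5 15
 login
"""

def audit_vty(config):
    """Return [(vty_range, finding)] for vty blocks without a usable inbound ACL."""
    # Numbered and named ACLs that are actually defined in this config.
    defined = set(re.findall(
        r"^(?:access-list|ip access-list (?:standard|extended)) (\S+)",
        config, re.M))
    blocks = {}      # vty range, e.g. "0 4" -> inbound ACL id or None
    current = None
    for line in config.splitlines():
        m = re.match(r"line vty (\d+(?: \d+)?)\s*$", line)
        if m:
            current = m.group(1)
            blocks[current] = None
        elif not line.startswith(" "):
            current = None               # any other top-level line ends the block
        elif current is not None:
            m = re.match(r"\s+access-class (\S+) in\b", line)
            if m:
                blocks[current] = m.group(1)
    findings = []
    for rng, acl in blocks.items():
        if acl is None:
            findings.append((rng, "no inbound access-class"))
        elif acl not in defined:
            findings.append((rng, f"access-class {acl} references an ACL not defined in this config"))
    return findings

if __name__ == "__main__":
    for rng, finding in audit_vty(SAMPLE_CONFIG):
        print(f"line vty {rng}: {finding}")
```

In the sample, the interface ACL 110 does not count toward either vty block; only the access-class line under "line vty 0 4" does, so "line vty 5 15" is reported.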