Extended ACL to block Telnet?

Carlos Gomez
Level 1

Hi everyone! I'm reviewing ACLs for the CCNA. I had a question in the practice certification exam # 1 in cisco.netacad asking me to block telnet in three statements with an extended ACL. I answered this:

access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any

The placement of the ACL was ok, but I didn't get any points for configuration. I didn't put the “deny any any” statement because I thought it was already included with the implicit deny, but to get out of doubt, I took it again and added the last statement. Again, I did not get any points for the configuration of the ACL. I have three routers connected by serial ports and the last one connected to the internet through a serial port also. All routers have an Ethernet interface. To block telnet from the networks connected to the last router, and also from the internet, I place the ACL outbound in the fa0/0.

Now, my question is, should I use in the statements "any any"? Because I believe that the only reason I'm not getting these points is because they want me to summarize the networks or something. Also, I don't know whether to include the “deny any any” statement or not. I will be taking the ICND 2 and I'm pretty sure I will see this on the test. Can someone please help me understand what they are asking me? Please... Thank you very much.

Carlos

3 Replies

cadet alain
VIP Alumni

Hi,

Could you post your pka file?

Regards.

Alain

Don't forget to rate helpful posts.

Juan Perez
Level 1

Hi Carlos,

Probably what they wanted you to do was the following:

ip access-list extended BLOCK_TELNET
 deny tcp any any eq telnet
 permit ip any any

I do not know what the exact statement of the question is, but you can give it a try.

Regards.

nkarthikeyan
Level 7

Hi Carlos,

I guess you may need to apply that ACL to an interface or VLAN as in so that it can make things work, and that would be the correct answer.

Please do rate if the given information helps.

By

Karthik
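
The first-match evaluation and implicit deny that the thread discusses, as an added example that is not part of any post above. It is a small Python model of IOS ACL semantics, not the exam's grader. It assumes every ACE uses "any any" for source and destination, and the function names are hypothetical:

```python
import re

PORTS = {"telnet": 23, "www": 80}  # IOS port keywords this sketch understands
ACE_RE = re.compile(r"access-list \d+ (permit|deny) (ip|tcp|udp) any any(?: eq (\S+))?")

def parse_ace(line):
    """Parse one 'any any' ACE into (action, protocol, dest_port_or_None)."""
    m = ACE_RE.fullmatch(line.strip())
    if not m or (m.group(2) == "ip" and m.group(3)):
        raise ValueError(f"unsupported ACE: {line!r}")
    action, proto, port = m.groups()
    return action, proto, (PORTS.get(port) or int(port)) if port else None

def evaluate(acl, proto, dport):
    """First matching ACE decides; no match at all is the implicit deny."""
    for idx, (action, a_proto, a_port) in enumerate(acl, 1):
        if a_proto in ("ip", proto) and a_port in (None, dport):
            return action, idx
    return "deny", None  # implicit 'deny ip any any'

def unreachable(acl):
    """1-based indexes of ACEs that an earlier ACE already fully covers."""
    dead = []
    for i, (_, proto, port) in enumerate(acl):
        if any(e_proto in ("ip", proto) and e_port in (None, port)
               for _, e_proto, e_port in acl[:i]):
            dead.append(i + 1)
    return dead

# Constructed inputs: the two statements from the thread, then with a third added.
TWO = [parse_ace(l) for l in (
    "access-list 100 deny tcp any any eq telnet",
    "access-list 100 permit ip any any")]
THREE = TWO + [parse_ace("access-list 100 deny ip any any")]

if __name__ == "__main__":
    for proto, port in (("tcp", 23), ("tcp", 80), ("udp", 53)):
        print(proto, port, evaluate(THREE, proto, port))
    print("unreachable ACEs:", unreachable(THREE))
```

In this model an explicit "deny ip any any" placed after "permit ip any any" is never reached, and an ACL holding only the telnet deny blocks everything else through the implicit deny.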
