ACL to deny telnet from the open internet

bsciarra1
Level 1

Good morning, I need to configure an ACL that blocks telnet access from an internet-facing router.

I think I want to do something like this:

access-list 102 deny tcp any any eq telnet

But I read a single deny entry will have the effect of implicitly denying all traffic not explicitly permitted.

How would I write this ACL to only deny telnet access from the open internet but continue to allow everything else?

Thanks,

Brian

1 Accepted Solution


Edison Ortiz
Hall of Fame

access-list 102 deny tcp any any eq telnet

access-list 102 permit ip any any

Hi - this is interesting and I'm just learning about ACLs for my CCNA test.

Would this ACL be applied on the internet router's public side WAN interface like this? My example uses serial 0/0 as the public interface on this router.

conf t

interface serial 0/0

ip access-group 102 in

Patrick

Yes, that access list would logically be applied inbound on the router's internet-facing interface. The result would be that any attempt to telnet to any address inside the network, including any address on the internet router, would be denied and all other traffic would be permitted.

HTH

Rick


Thanks Guys,

I tried to picture this as if I'm a tech inside the network, and I need all of my internal subnets to have telnet access to the router, but I want to block all outside traffic from telnetting in.

Thank you for the info!

access-list 102 permit tcp [local_subnet] any eq telnet

access-list 102 deny tcp any any eq telnet

access-list 102 permit ip any any

Thank you, I applied this ACL accordingly and it appears to be working.
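
The first-match and implicit-deny behaviour discussed in this thread, as an added example that is not part of any poster's reply: a simplified Python model of ACL 102 evaluated against constructed packets. The 192.168.10.0/24 subnet stands in for [local_subnet], the packet addresses are made up, and the MISORDERED variant goes beyond the thread to show that a permit placed after the deny never matches.

```python
import ipaddress

TELNET = 23
LOCAL_SUBNET = "192.168.10.0/24"  # constructed stand-in for [local_subnet]

def entry(action, proto, src, dport=None):
    """One ACL line. Destination is 'any' in every ACL in the thread, so it is not modelled.
    Sources are CIDR prefixes here for brevity; IOS itself takes wildcard masks."""
    net = ipaddress.ip_network("0.0.0.0/0" if src == "any" else src)
    return (action, proto, net, dport)

def evaluate(acl, proto, src_ip, dport):
    """First matching entry wins; a packet that matches nothing is denied."""
    src = ipaddress.ip_address(src_ip)
    for action, e_proto, net, e_port in acl:
        if e_proto not in ("ip", proto):      # 'ip' matches every protocol
            continue
        if src not in net:
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"                             # implicit deny at the end of every ACL

deny_telnet = entry("deny", "tcp", "any", TELNET)
permit_all = entry("permit", "ip", "any")
permit_local = entry("permit", "tcp", LOCAL_SUBNET, TELNET)

DENY_ONLY = [deny_telnet]                           # the single line from the question
DENY_THEN_PERMIT = [deny_telnet, permit_all]        # the accepted answer
LOCAL_FIRST = [permit_local, deny_telnet, permit_all]
MISORDERED = [deny_telnet, permit_local, permit_all]  # local permit is shadowed

# Constructed sample packets: (label, protocol, source address, destination port)
PACKETS = [
    ("outside telnet", "tcp", "203.0.113.7", 23),
    ("outside https", "tcp", "203.0.113.7", 443),
    ("local telnet", "tcp", "192.168.10.5", 23),
    ("outside dns", "udp", "203.0.113.7", 53),
]

def verdicts(acl):
    """Verdict for each sample packet, in PACKETS order."""
    return [evaluate(acl, proto, src, port) for _, proto, src, port in PACKETS]

if __name__ == "__main__":
    for name in ("DENY_ONLY", "DENY_THEN_PERMIT", "LOCAL_FIRST", "MISORDERED"):
        print(f"{name:17}", dict(zip((p[0] for p in PACKETS), verdicts(globals()[name]))))
```
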
