ACL (access control list )

jonk34567 · ‎02-08-2017

i created a access list on R1 router so i can only telnet from R2 to telnet host.below
is my command

(G.m)#access-list 100 permit tcp 10.1.1.1 0.0.0.255 host 20.1.1.2 eq telnet

#int fa 0/0
#ip access-group 100 in
#end

but i can not telnet from R2 to Telnet Host. i have attached the topology below

andrewswanson · ‎02-08-2017

Could you telnet to the host prior to applying the ACL?

Also are you using a routing protocol or using static routing? If you are using a routing protocol check the link below to make sure you aren't filtering it out (there is an implicit deny at the end of your ACL)

hth

Andy

http://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html#anc16

Julio E. Moisa · ‎02-08-2017

If you want to get access remotely, please try:

access-list 7 permit 10.1.1.1 0.0.0.255
access-list 7 deny any

line vty 0 15
access-class 7 in
transport input all

if you are going to use local credentials include these lines:

conf t

username Cisco priviledge 15 password Test123 (example)
no aaa new-model

line vty 0 15
login local

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Julio E. Moisa · ‎02-08-2017

The ACL's are applied under the interfaces to filter (allow or deny) prefixes. But if you want to get access remotely and protect your device, the configuration above can be used.

I assuming you want to protect the device where this config is implemented

access-list 100 permit tcp 10.1.1.1 0.0.0.255 host 20.1.1.2 eq telnet

try just with:

access-list 7 permit 10.1.1.1 0.0.0.255
access-list 7 deny any

int fa0/0
ip access-group 7 in

Hope it is useful :-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<