Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2242
Views
15
Helpful
11
Replies

ACL block telnet

Go to solution
jearyro
Level 1
Level 1

‎06-06-2022 04:40 AM

Hi Experts,

 

doing a lab for ACL to block telnet for PC2 (10.0.0.2 ) even and on another side, all systems should use telnet.

I have access-list 100 with the below config.

 

permit tcp any

permit ip any

deny tcp host 10.0.0.2 any eq telnet

 

telnet not blocking..

 

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jitendra Kumar
Spotlight
Spotlight

‎06-06-2022 04:45 AM

Seems ACL statement order is the wrong move the block telnet statement on top and check. 

ACL statement follows top to down. first packet match..

 

Thanks,

Jitendra

 

Thanks,
Jitendra

View solution in original post

Go to solution
Jitendra Kumar
Spotlight
Spotlight
In response to jearyro

‎06-06-2022 05:00 AM

Can you check the show access list?

 

As you have changed the statement order.

 

now check  (inside or outside )  on the ACL. change according if you are doing ACL on the outside interface then it should be outside.. 

 

 

Thanks,

Jitendra

Thanks,
Jitendra

View solution in original post

11 Replies 11

Go to solution
Jitendra Kumar
Spotlight
Spotlight

‎06-06-2022 04:45 AM

Seems ACL statement order is the wrong move the block telnet statement on top and check. 

ACL statement follows top to down. first packet match..

 

Thanks,

Jitendra

 

Thanks,
Jitendra

Go to solution
Paulo Thame
Level 1
Level 1

‎06-06-2022 04:48 AM

Try this way

 

ip access-list 100

 

10 deny tcp host 10.0.0.2/32 any eq telnet

20 permit tcp any

30 permit ip any

 

0 Helpful

Go to solution
jearyro
Level 1
Level 1
In response to Paulo Thame

‎06-06-2022 04:52 AM

done this but unfortunately still not blocking telnet.

 

0 Helpful

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni

‎06-06-2022 04:52 AM

Your access list is wrong. Remember it is alway explicit deny statement in ACL

 

permit tcp any
permit ip any
deny tcp host 10.0.0.2 any eq telnet

In order to block the telnet

 

 

10 deny tcp host 10.0.0.2 any eq telnet
20 permit tcp any
30 permit ip any

 

 

please do not forget to rate.

Go to solution
jearyro
Level 1
Level 1
In response to Sheraz.Salim

‎06-06-2022 04:53 AM

not working Sir..

 

 

0 Helpful

Go to solution
Paulo Thame
Level 1
Level 1
In response to jearyro

‎06-06-2022 04:56 AM

you need apply acl on the interface...

 

like

 

interface INTERFACE_NAME
no shutdown
ip access-list 100 

0 Helpful

Go to solution
Jitendra Kumar
Spotlight
Spotlight
In response to jearyro

‎06-06-2022 05:00 AM

Can you check the show access list?

 

As you have changed the statement order.

 

now check  (inside or outside )  on the ACL. change according if you are doing ACL on the outside interface then it should be outside.. 

 

 

Thanks,

Jitendra

Thanks,
Jitendra

Go to solution
jearyro
Level 1
Level 1
In response to Jitendra Kumar

‎06-06-2022 05:09 AM

I am applying this ACL outside interface1/1.

 

I was missing outside there was inside that's why this was not blocking.

 

ip access-group100 out.

0 Helpful

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to jearyro

‎06-06-2022 05:12 AM

Great it work out for you

please do not forget to rate.
0 Helpful

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to jearyro

‎06-06-2022 05:09 AM

you need to apply this ACL to the interested Interface where you want this to be action.

 

 

please do not forget to rate.
0 Helpful

Go to solution
Flavio Miranda
VIP
VIP

‎06-06-2022 04:56 AM

Hi

 Where did you apply this ACL and how you did? Can you share the switch config?

Keep in mind that ACL have the syntax of "source"/"destination", if you want to block telnet to PC, it must be on the destination.

Dont forget to apply this ACL, otherwise, you are not blocking anything.

0 Helpful
Customers Also Viewed These Support Documents