ACL block telnet

jearyro
Level 1

Hi Experts,

Doing a lab for an ACL to block telnet for PC2 (10.0.0.2), while on the other side all systems should use telnet.

I have access-list 100 with the config below.

permit tcp any
permit ip any
deny tcp host 10.0.0.2 any eq telnet

Telnet is not blocking..

11 Replies

Jitendra Kumar
Spotlight

Seems the ACL statement order is wrong. Move the block-telnet statement to the top and check.

ACL statements are evaluated top down; the first match for a packet applies..

Thanks,
Jitendra

Paulo Thame
Level 1

Try this way

ip access-list extended 100
 10 deny tcp host 10.0.0.2 any eq telnet
 20 permit tcp any
 30 permit ip any

 

Done this, but unfortunately it is still not blocking telnet.

 

Sheraz.Salim
VIP Alumni

Your access list is wrong. Remember there is always an explicit deny statement in an ACL.

permit tcp any
permit ip any
deny tcp host 10.0.0.2 any eq telnet

In order to block the telnet:

10 deny tcp host 10.0.0.2 any eq telnet
20 permit tcp any
30 permit ip any

please do not forget to rate.
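As an added illustration, not code from the thread, the Python below models the top-down, first-match evaluation that the replies above describe, with the implicit deny at the end, and runs both versions of access-list 100 against constructed packets: in the original order "permit tcp any" matches PC2's telnet first, so it is permitted; with the deny moved to the top it is blocked. The parser understands only the simplified ACE syntax quoted in this thread ("any"/"host X" addresses, optional "eq <port>"), and the 10.0.0.10 target address is an assumption.

```python
# Added example, not from the thread: first-match evaluator for the simplified
# extended-ACL lines quoted above; it is not Cisco's parser.
from dataclasses import dataclass

TELNET = 23

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0

def parse_ace(line):
    """Turn 'deny tcp host 10.0.0.2 any eq telnet' into a dict of match fields."""
    tok = line.split()
    if tok[0].isdigit():            # optional sequence number: '10 deny ...'
        tok = tok[1:]
    action, proto, rest = tok[0], tok[1], tok[2:]
    def take_addr():
        nonlocal rest
        if rest[0] == "host":       # 'host X' matches exactly X; 'any' matches everything
            addr, rest = rest[1], rest[2:]
        else:
            addr, rest = rest[0], rest[1:]
        return addr
    src = take_addr()
    dst = take_addr() if rest else "any"   # the thread's 'permit tcp any' omits the destination
    dport = None
    if rest[:1] == ["eq"]:
        dport = TELNET if rest[1] == "telnet" else int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def ace_matches(ace, pkt):
    addr_ok = lambda spec, addr: spec == "any" or spec == addr
    return (ace["proto"] in ("ip", pkt.proto)
            and addr_ok(ace["src"], pkt.src) and addr_ok(ace["dst"], pkt.dst)
            and (ace["dport"] is None or ace["dport"] == pkt.dport))

def evaluate(acl_lines, pkt):
    """Top down, first match wins; no match hits the implicit 'deny ip any any'."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny"

# Both versions of access-list 100 from the thread, plus a constructed telnet SYN from PC2.
ORIGINAL = ["permit tcp any", "permit ip any", "deny tcp host 10.0.0.2 any eq telnet"]
REORDERED = ["10 deny tcp host 10.0.0.2 any eq telnet", "20 permit tcp any", "30 permit ip any"]
PC2_TELNET = Packet("tcp", "10.0.0.2", "10.0.0.10", TELNET)   # 10.0.0.10 is a constructed target
```

Note that this only decides whether an ACE matches; as the later replies point out, nothing is filtered until the ACL is applied to an interface in the right direction.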

Not working, Sir..

 

 

You need to apply the ACL on the interface...

like

interface INTERFACE_NAME
 no shutdown
 ip access-group 100 out
! use in or out depending on the direction in which the traffic crosses this interface

Can you check show access-lists?

As you have changed the statement order.

Now check the direction (inside or outside) on the ACL. Change accordingly: if you are applying the ACL on the outside interface then it should be outside..

Thanks,
Jitendra

I am applying this ACL on outside interface 1/1.

I was missing outside; there it was inside, that's why this was not blocking.

ip access-group 100 out

Great, it worked out for you.

please do not forget to rate.

You need to apply this ACL to the interface of interest, where you want it to take effect.

please do not forget to rate.

Hi

Where did you apply this ACL and how did you do it? Can you share the switch config?

Keep in mind that an ACL has the syntax "source"/"destination"; if you want to block telnet to the PC, it must be on the destination.

Don't forget to apply this ACL, otherwise you are not blocking anything.