03-28-2007 03:36 AM - edited 03-05-2019 03:09 PM
Hi Experts!
i want to deny Users in THIS Network 10.0.0.0 to Telnet to the CORE unless 5 users(10.100.100.150-155) in this network can do telnet.i want to achieve this thr Ip access-list.how can i configure it?
10xs
03-28-2007 03:52 AM
Hi Ali
Could you give a few more details.
What are the source IP addresses.
What are the destination IP addresses.
What are you denying or permitting.
What type of kit are you applying the access-list on eg. router, layer 3 switch etc.
Jon
03-28-2007 04:22 AM
Hi Jon!
all users in the network(10.0.0.0)can't establish a telnet seesion.
Destination ip address CORE(6509-SUP720.BUT I want to allow just for 5 users(10.100.100.150-155) to telnet into the core
10xs
03-28-2007 04:25 AM
Ali,
You would require a VTY access-list
eg.
Access-list 1 permit 10.100.100.150 0.0.0.0
Access-list 1 permit 10.100.100.151 0.0.0.0
Access-list 1 permit 10.100.100.152 0.0.0.0
Access-list 1 permit 10.100.100.153 0.0.0.0
Access-list 1 permit 10.100.100.154 0.0.0.0
Access-list 1 permit 10.100.100.155 0.0.0.0
line vty 0 15 (or 4) .... depending on the platform)
access-class 1 in
transport input telnet
This would restrict the telnet access to the above 6 machines
HTH, rate if it does
Narayan
03-28-2007 04:27 AM
Hi Narayan
i need this thr ip access-list.
10xs
03-28-2007 04:31 AM
Hi Ali
If you are trying to restrict who can telnet onto the actual supervisor Narayan is correct in the solution he provided.
If you are trying to stop telnet through the switches to another destination you would use an access-list.
HTH
Jon
03-28-2007 04:38 AM
Ali,
Actually it is an ip access-list.
If you want it to show as ip access-list then
you can use
ip access-list standard permit-to-telnet
permit 10.100.100.150 0.0.0.0
permit 10.100.100.151 0.0.0.0
permit 10.100.100.152 0.0.0.0
permit 10.100.100.153 0.0.0.0
permit 10.100.100.154 0.0.0.0
permit 10.100.100.155 0.0.0.0
HTH, rate if it does
Narayan
03-28-2007 04:36 AM
Ali,
One thing that you can do is:
access-list 1 permit host 10.100.100.151
access-list 1 permit host 10.100.100.152
access-list 1 permit host 10.100.100.153
access-list 1 permit host 10.100.100.154
access-list 1 permit host 10.100.100.155
line vty 0 4
access-class 1 in
HTH,
-amit singh
03-28-2007 04:50 AM
Hello!
10xs for ur great reply
regards
Ali
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide