  • Some ACL help please

    hi,

    I am writing an extended ACL to deny Telnet access from a machine to a switch. Problem is that after I write the first line in the switch config and hit enter, the ACL kicks in and invokes the implicit deny, which in turn disconnects my Telnet session, and the only way of getting onto the switch is to use the console. I never get a chance to write the permit statement.

    access-list 101 deny tcp x.x.x.x 0.0.0.0 x.x.x.x 0.0.0.0 eq 23

    I would like to include this line:
    access-list 101 permit tcp any any eq 23

    All ideas welcome.

  • #2
    Re: Some ACL help please

    Hi,

    I am not an expert on the Cisco commands, but logically it looks to me that you are blocking any attempt to connect to the switch via Telnet on port 23 for the specified subnet, and it looks like you are doing this whilst having a Telnet session.
    Couldn't you do that through the web console? That way you won't end up kicking yourself out of the session.
    Also, my thoughts are that Deny overrides Permit, so I'm not quite sure what you want to achieve with the second line!

    Cheers
    Last edited by L4ndy; 18th November 2008, 12:52.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR



    • #3
      Re: Some ACL help please

      ACLs run on a top-down approach.

      The first line will block all Telnet traffic, e.g. from machine 10.10.10.10 to switch 10.10.1.1; the second line will then allow any other machine that is not 10.10.10.10 to Telnet to switch 10.10.1.1.



      • #4
        Re: Some ACL help please

        Looks like the second line permits Telnet from any host, which would override the deny specified in the line above then.

        In any case, if the first line does indeed only deny Telnet from one host, then to be experiencing this problem I would have to assume you are connecting from the host you are trying to deny?

        The best suggestion would be L4ndy's: connect to the web interface, or use the console connection.
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



        • #5
          Re: Some ACL help please

          My guess on this is:

          access-list 101 deny tcp x.x.x.x 0.0.0.0 x.x.x.x 0.0.0.0 eq 23

          blocks TCP attempts from that specific IP to the specific IP on port 23.
          By default this also adds the deny any any afterwards, which is what is blocking your connection.

          Either use another method of config, or specifically allow your IP first, config it, then remove your line.

          Only a guess though.
          cheers
          Andy

          Please read this before you post:


          Quis custodiet ipsos custodes?
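          As an added example (not code from any poster), a small Python model of Cisco's top-down, first-match ACL evaluation with the implicit deny that #3 and #5 describe; it parses the two lines from the question and shows why the deny line alone locks out every Telnet client, why appending the permit line gives the intended result, and why putting the permit first would shadow the deny. The 10.10.x.x addresses are constructed stand-ins for the x.x.x.x values in the question.

```python
import ipaddress
from typing import List, Optional, Tuple

Addr = Tuple[int, int]  # (address, Cisco wildcard mask); wildcard bits set = "don't care"

def _parse_addr(tokens: List[str], i: int) -> Tuple[Addr, int]:
    """Parse 'any' or 'A.B.C.D W.W.W.W'; a 0.0.0.0 wildcard means an exact host match."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    addr, wild = (int(ipaddress.IPv4Address(tokens[j])) for j in (i, i + 1))
    return (addr, wild), i + 2

def parse_acl(lines: List[str]) -> List[dict]:
    """Parse 'access-list N permit|deny tcp <src> <dst> [eq PORT]' lines, keeping order."""
    acl = []
    for line in lines:
        t = line.split()
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None  # None = any port
        acl.append({"action": t[2], "proto": t[3], "src": src, "dst": dst, "dport": dport})
    return acl

def _match(ip: str, a: Addr) -> bool:
    addr, wild = a  # bits set in the wildcard are ignored on both sides
    return (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)

def evaluate(acl: List[dict], proto: str, src: str, dst: str, dport: int) -> str:
    """Top-down, first match wins; falling off the end is Cisco's implicit deny."""
    for n, e in enumerate(acl, 1):
        if (e["proto"] == proto and _match(src, e["src"]) and _match(dst, e["dst"])
                and e["dport"] in (None, dport)):
            return f'{e["action"]} (line {n})'
    return "deny (implicit)"

# Constructed addresses standing in for the thread's x.x.x.x values
BLOCKED_HOST, ADMIN_HOST, SWITCH = "10.10.10.10", "10.10.10.20", "10.10.1.1"
DENY_LINE = "access-list 101 deny tcp 10.10.10.10 0.0.0.0 10.10.1.1 0.0.0.0 eq 23"
PERMIT_LINE = "access-list 101 permit tcp any any eq 23"

def telnet_verdicts(lines: List[str]) -> dict:
    """Verdict for a Telnet (tcp/23) attempt to the switch from each host."""
    acl = parse_acl(lines)
    return {h: evaluate(acl, "tcp", h, SWITCH, 23) for h in (BLOCKED_HOST, ADMIN_HOST)}

if __name__ == "__main__":
    print("deny only    :", telnet_verdicts([DENY_LINE]))               # admin hits implicit deny
    print("deny, permit :", telnet_verdicts([DENY_LINE, PERMIT_LINE]))  # intended result
    print("permit, deny :", telnet_verdicts([PERMIT_LINE, DENY_LINE]))  # deny is shadowed
```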
