[c-nsp] Filtering telnet without ACL
Joost greene
joost.greene at gmail.com
Mon Aug 11 04:13:38 EDT 2008
Hi Saku,
I forgot to mention that the question said to limit telnet access to
loopback of two routers without using access lists, so I can see your answer
makes sense, but what do you mean by MPLS LSR?
Thanks,
Joost
On Fri, Aug 1, 2008 at 5:04 PM, Saku Ytti <saku+cisco-nsp at ytti.fi> wrote:
> On (2008-08-01 15:14 +0200), Joost greene wrote:
>
> Hey,
>
> > Someone challenged me with a question on how I can filter telnet access to
> > one router from all hosts except two of them WITHOUT using access-lists or
> > access-line under the VTY? any ideas?
>
> I assume the challenge was set because the asker knows how to do it. If not,
> then I think the challenge should be how to make the router output PONIES.
> Anyhow, I think CoPP, rACL and policy-route would break the
> 'no acl' definition and wouldn't be an acceptable solution.
>
> I think what would fit the rule is an MPLS LSR where you'd only
> have a route back to a couple of management hosts and others couldn't
> telnet to the box, simply because the box doesn't have a route to them.
> Of course everyone in your IGP could telnet to the box also.
>
> --
> ++ytti