[c-nsp] suddenly lost telnet connection in switch
Justin M. Streiner
streiner at cluebyfour.org
Fri Dec 12 14:28:27 EST 2008
On Fri, 12 Dec 2008, chloe K wrote:
> I am doing the following access-list for www to restrict to switch http access
> but when I apply it in the interface, I suddenly lost telnet connection.
> Why?
>
> Extended IP access list 110
> permit tcp 192.168.0.0 0.255.255.255 any eq www
> permit tcp 172.16.0.0 0.255.255.255 any eq www
> permit tcp 10.0.0.0 0.255.255.255 any eq www
> deny tcp any eq www any
> deny tcp any eq www any log
You need to permit telnet connections. The ACL above only deals with HTTP
connections. Also, at the bottom of most packet-filtering ACLs like this,
there is an implicit "deny any", so if a packet doesn't match against any of
your explicitly defined ACL rules, it will fall to that implicit "deny
any" and get dropped.
jms
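
The first-match behaviour described in the reply, as an added example that is not part of the original thread: a small Python model that evaluates the posted ACL 110 entries top-down and falls through to the implicit deny. The host and switch addresses and the `TELNET_PERMIT` entry are constructed assumptions, and only the TCP entry forms shown in the post are parsed.

```python
import ipaddress

PORTS = {"www": 80, "telnet": 23}  # IOS port keywords used in this example

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set in the mask are ignored in the compare."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse 'permit|deny tcp SRC [eq P] DST [eq P] [log]' entries."""
    rest = [t for t in line.split() if t != "log"]
    action, _proto = rest.pop(0), rest.pop(0)
    def addr():
        if rest[0] == "any":
            rest.pop(0)
            return ("0.0.0.0", "255.255.255.255")
        return (rest.pop(0), rest.pop(0))
    def port():
        if rest and rest[0] == "eq":
            rest.pop(0)
            name = rest.pop(0)
            return PORTS[name] if name in PORTS else int(name)
        return None  # no port qualifier: any port matches
    src, sport, dst, dport = addr(), port(), addr(), port()
    return {"action": action, "src": src, "sport": sport, "dst": dst, "dport": dport}

def evaluate(acl, src, sport, dst, dport):
    """First matching entry wins; no match falls to the implicit deny."""
    for line in acl:
        ace = parse_ace(line)
        if (wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"])
                and ace["sport"] in (None, sport) and ace["dport"] in (None, dport)):
            return ace["action"], line
    return "deny", "implicit deny"

ACL_110 = [  # entries as posted in the question
    "permit tcp 192.168.0.0 0.255.255.255 any eq www",
    "permit tcp 172.16.0.0 0.255.255.255 any eq www",
    "permit tcp 10.0.0.0 0.255.255.255 any eq www",
    "deny tcp any eq www any",
    "deny tcp any eq www any log",
]
# Constructed entry (assumption): allow telnet from the 10.x management range.
TELNET_PERMIT = "permit tcp 10.0.0.0 0.255.255.255 any eq telnet"

if __name__ == "__main__":
    # Constructed packets: admin host 10.1.1.5 to switch 10.1.1.1.
    print(evaluate(ACL_110, "10.1.1.5", 40000, "10.1.1.1", 23))
    print(evaluate(ACL_110, "10.1.1.5", 40000, "10.1.1.1", 80))
    print(evaluate(ACL_110 + [TELNET_PERMIT], "10.1.1.5", 40000, "10.1.1.1", 23))
```
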