[nsp] VTY ACL
Steve Francis
steve at expertcity.com
Wed Jul 16 12:36:24 EDT 2003
Damien Holloway wrote:
>I applied an ACL to the vty interface on a router
>
>access-list 101 permit tcp host 10.1.1.1 host 10.2.2.2 eq telnet
>
>line vty 0 4
> access-class 101 in
>
>and the host 10.1.1.1 **cannot** telnet to the router on 10.2.2.2
>
'Cause you applied it inbound, but the ACL says match traffic originating from 10.1.1.1, which it does not (it's the reply traffic, destined to 10.1.1.1, that is coming in). So it drops it.
>
>BUT if I do this
>
>access-list 101 permit tcp host 10.1.1.1 any eq telnet
>
>line vty 0 4
> access-class 101 in
>
>and the host 10.1.1.1 **can** telnet to the router on 10.2.2.2
>
>Why would the first example NOT work???
>
>I am confused