[nsp] VTY ACL

Dennis Peng dpeng at cisco.com
Wed Jul 16 23:36:15 EDT 2003


The logic of extended ACLs for access-classes has been backwards as
far as I can remember. I don't know why it was done this way, except
that maybe they didn't think folks would use (or need) extended
ACLs. Standard ACLs are much more intuitive for this application.

Dennis

Damien Holloway [d.holloway at hill.com] wrote:
> I applied an ACL to the vty interface on a router
> 
> access-list 101 permit tcp host 10.1.1.1 host 10.2.2.2 eq telnet
> 
> line vty 0 4
>  access-class 101 in
> 
> and the host 10.1.1.1  **cannot** telnet to the router on 10.2.2.2 
> 
> BUT if I do this 
> 
> access-list 101 permit tcp host 10.1.1.1 any eq telnet
> 
> line vty 0 4
>  access-class 101 in
> 
> and the host 10.1.1.1  **can** telnet to the router on 10.2.2.2 
> 
> Why would the first example NOT work???
> 
> I am confused
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
-------------------------------------------------------------------------
      ||        ||                                 Dennis Peng
      ||        ||        Cisco Systems, Inc.      Escalation Engineer
     ||||      ||||       170 West Tasman Drive    Phone: (408) 526-6143
 ..:||||||:..:||||||:..   San Jose, CA 95134       Fax:   (408) 232-2343
   Cisco Systems Inc.                              dpeng at cisco.com
-------------------------------------------------------------------------
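An added example (editor's code, not from either poster or from Cisco) that turns the thread's observation into a config check: it parses numbered `access-list` lines and the `access-class` under `line vty`, flags an extended ACL entry with a specific destination host applied as a VTY access-class (the first, non-working form above), and models the source-only standard ACL that Dennis recommends, including first-match and implicit-deny evaluation against a source address. The sample config and addresses are constructed from the thread; the parser assumes numbered ACLs written in the syntax shown (no named ACLs, no `log` or `established` keywords), and the lint rule is exactly the thread's finding, not a statement of why IOS behaves that way.

```python
import ipaddress
import re

# Constructed sample config, modelled on the first (non-working) example in
# the thread: extended ACL 101 with a specific destination host, applied to
# the VTY lines with access-class. ACL 10 is a standard ACL for comparison.
SAMPLE_CONFIG = """\
access-list 101 permit tcp host 10.1.1.1 host 10.2.2.2 eq telnet
access-list 10 permit 10.1.1.1
access-list 10 permit 192.168.0.0 0.0.0.255
line vty 0 4
 access-class 101 in
 transport input telnet ssh
"""

def acl_type(number):
    """Classify a numbered IOS ACL by its number range."""
    n = int(number)
    if 1 <= n <= 99 or 1300 <= n <= 1999:
        return "standard"
    if 100 <= n <= 199 or 2000 <= n <= 2699:
        return "extended"
    return "unknown"

def _take_addr(tokens, i):
    """Parse one address spec at tokens[i]; return ((addr, wildcard), next_i)."""
    if tokens[i] == "any":
        return ("any", None), i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2

def _skip_port(tokens, i):
    """Skip an optional port qualifier (eq/gt/lt/neq X, or range X Y)."""
    if i < len(tokens) and tokens[i] in ("eq", "gt", "lt", "neq"):
        return i + 2
    if i < len(tokens) and tokens[i] == "range":
        return i + 3
    return i

def parse_acls(config):
    """Return {acl_number: [entry, ...]} for the 'access-list N ...' lines."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"\s*access-list\s+(\d+)\s+(permit|deny)\s+(.*)", line)
        if not m:
            continue
        number, action, rest = m.groups()
        tokens = rest.split()
        entry = {"action": action, "text": line.strip()}
        if acl_type(number) == "extended":
            entry["protocol"] = tokens[0]
            entry["src"], i = _take_addr(tokens, 1)
            i = _skip_port(tokens, i)          # optional source port
            entry["dst"], i = _take_addr(tokens, i)
        else:
            # Standard ACL: 'any', 'host A', 'A wildcard', or a bare 'A' (a host)
            if len(tokens) == 1 and tokens[0] != "any":
                tokens = ["host", tokens[0]]
            entry["src"], _ = _take_addr(tokens, 0)
        acls.setdefault(number, []).append(entry)
    return acls

def vty_access_classes(config):
    """Return [(acl_number, direction)] for access-class lines under 'line vty'."""
    result, in_vty = [], False
    for line in config.splitlines():
        if line.startswith("line "):
            in_vty = line.startswith("line vty")
        elif in_vty:
            m = re.match(r"\s*access-class\s+(\d+)\s+(in|out)", line)
            if m:
                result.append((m.group(1), m.group(2)))
    return result

def lint_vty_access_class(config):
    """Flag extended ACL entries with a specific destination used as a VTY access-class.

    The thread shows such an entry does not match the incoming telnet session,
    while the same entry with destination 'any' does; a standard ACL sidesteps
    the question by matching on source only.
    """
    acls = parse_acls(config)
    warnings = []
    for number, direction in vty_access_classes(config):
        if acl_type(number) != "extended":
            continue
        for entry in acls.get(number, []):
            if entry["dst"][0] != "any":
                warnings.append(
                    f"access-class {number} {direction}: '{entry['text']}' has a "
                    f"specific destination {entry['dst'][0]}; use 'any' or a standard ACL"
                )
    return warnings

def _wildcard_match(ip, addr, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    if addr == "any":
        return True
    keep = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(ip)) & keep) == (int(ipaddress.IPv4Address(addr)) & keep)

def standard_acl_permits(entries, src_ip):
    """First-match evaluation of a standard ACL against a source IP; implicit deny at the end."""
    for entry in entries:
        if _wildcard_match(src_ip, *entry["src"]):
            return entry["action"] == "permit"
    return False

def build_standard_vty_acl(number, sources, vty_range="0 4"):
    """Render the source-only standard ACL form the reply recommends for VTY access."""
    lines = [f"access-list {number} permit host {s}" for s in sources]
    lines += [f"line vty {vty_range}", f" access-class {number} in"]
    return "\n".join(lines)

if __name__ == "__main__":
    for w in lint_vty_access_class(SAMPLE_CONFIG):
        print("WARNING:", w)
    print(build_standard_vty_acl(10, ["10.1.1.1"]))
```

Running it against the sample prints one warning for ACL 101 and then the standard-ACL form; replacing `host 10.2.2.2` with `any` in the sample (the second, working form in the thread) produces no warning.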

