[nsp] Possible bug in access-class ACLs on Cat3750?

Gert Doering gert at greenie.muc.de
Thu Nov 20 16:33:20 EST 2003


On Thu, Nov 20, 2003 at 02:23:49PM +0100, Lars Erik Gullerud wrote:
> It seems that the ACL is not being checked at all when used in an
> "access-class" statement under "line vty X" - meaning that unless other
> mechanisms are used to prevent access, anyone can reach the switch via
> telnet/ssh (if enabled).

For our 3750G-24TS, the vty ACLs work as expected.  Just tested it to be
sure.  c3750-i5-mz.121.14-EA1

Standard ACL (#9), with explicit "deny any" at the end.  No SSH, though.

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
