[c-nsp] Filtering telnet without ACL

Saku Ytti saku+cisco-nsp at ytti.fi
Fri Aug 1 10:04:58 EDT 2008


On (2008-08-01 15:14 +0200), Joost greene wrote:

Hey,

> Someone challenged me with a question on how I can filter telnet access to
> one router from all hosts except two of them WITHOUT using access-lists or
> access-line under the VTY? any ideas?

 I assume the challenge was set because the asker knows how to do it. If not,
then I think the challenge should be how to make the router output PONIES.
 Anyhow, I think CoPP, rACL and policy-route would break the
'no acl' definition and wouldn't be an acceptable solution.

 I think what would fit the rule is an MPLS LSR where you'd only
have a route back to a couple of management hosts, and others couldn't
telnet to the box, simply because the box doesn't have a route to them.
 Of course everyone in your IGP could telnet to the box also.

-- 
  ++ytti

