[c-nsp] suddenly lost telnet connection in switch

Teller, Robert RTeller at deltadentalwa.com
Fri Dec 12 14:26:11 EST 2008


Try this
  Extended IP access list 110
    permit tcp 192.168.0.0 0.255.255.255 [Vlan 1 ip] eq www
    permit tcp 172.16.0.0 0.255.255.255 [Vlan 1 ip] eq www
    permit tcp 10.0.0.0 0.255.255.255 [Vlan 1 ip] eq www
    permit tcp [ip address] [Vlan 1 ip] eq telnet
    deny tcp any eq www any log


  Extended IP access list 110
    permit tcp 192.168.0.0 0.255.255.255 any eq www
    permit tcp 172.16.0.0 0.255.255.255 any eq www
    permit tcp 10.0.0.0 0.255.255.255 any eq www
    deny tcp any eq www any
    deny tcp any eq www any log [your log is after your www deny so it won't log anything]

You should be using https and ssh instead of http and telnet.

When using an access-list all traffic is explicitly denied.




-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of chloe K
Sent: Friday, December 12, 2008 11:05 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] suddenly lost telnet connection in switch

Hi 
   
  I am doing the following access-list for www to restrict to switch http access,
  but when I apply it in the interface, I suddenly lost telnet connection.
  Why?
   
   
  Extended IP access list 110
    permit tcp 192.168.0.0 0.255.255.255 any eq www
    permit tcp 172.16.0.0 0.255.255.255 any eq www
    permit tcp 10.0.0.0 0.255.255.255 any eq www
    deny tcp any eq www any
    deny tcp any eq www any log
  
  switch(config)#interface VLAN1
  switch(config-if)#ip access-group 110 in
  switch(config-if)#


       
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/





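The lockout described in this thread, as an added example that is not part of the original messages: a small Python model of first-match evaluation over ACL 110, showing that a telnet packet to the switch matches no entry and falls through to the implicit deny at the end of the list, and that the second `deny ... log` entry is never reached. The addresses 10.1.1.50 and 10.1.1.2 are constructed stand-ins for the `[ip address]` and `[Vlan 1 ip]` placeholders in the reply, and the parser handles only the TCP entry forms shown on this page.

```python
import ipaddress

PORTS = {"www": 80, "telnet": 23}  # port names used in the thread

def _addr(tok):  # 'any' | 'host A' | 'A WILDCARD' -> (base, wildcard) as ints
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    base, wild = (tok.pop(0), "0.0.0.0") if t == "host" else (t, tok.pop(0))
    return int(ipaddress.IPv4Address(base)), int(ipaddress.IPv4Address(wild))

def _port(tok):  # optional 'eq PORT' following an address
    if tok[:1] == ["eq"]:
        name = tok[1]
        del tok[:2]
        return PORTS.get(name) or int(name)
    return None

def parse(line):
    tok = line.split()
    ace = {"text": line, "action": tok.pop(0), "proto": tok.pop(0)}
    ace["src"], ace["sport"] = _addr(tok), _port(tok)
    ace["dst"], ace["dport"] = _addr(tok), _port(tok)
    return ace

def _hit(rule, ip):  # wildcard bits set to 1 are "don't care"
    base, wild = rule
    return int(ipaddress.IPv4Address(ip)) | wild == base | wild

def evaluate(acl, src, sport, dst, dport):
    """First matching entry wins; a TCP packet matching nothing is denied."""
    for ace in acl:
        if (_hit(ace["src"], src) and _hit(ace["dst"], dst)
                and ace["sport"] in (None, sport) and ace["dport"] in (None, dport)):
            return ace["action"], ace["text"]
    return "deny", "implicit deny"

def shadowed(acl):
    """Entries whose match criteria repeat an earlier entry: never reached."""
    seen, dead = set(), []
    for ace in acl:
        key = (ace["src"], ace["sport"], ace["dst"], ace["dport"])
        if key in seen:
            dead.append(ace["text"])
        seen.add(key)
    return dead

ORIGINAL = [parse(l) for l in """permit tcp 192.168.0.0 0.255.255.255 any eq www
permit tcp 172.16.0.0 0.255.255.255 any eq www
permit tcp 10.0.0.0 0.255.255.255 any eq www
deny tcp any eq www any
deny tcp any eq www any log""".splitlines()]  # ACL 110 as posted in the question
# Question's list with a telnet permit added (constructed addresses), one deny kept
FIXED = ORIGINAL[:3] + [parse("permit tcp host 10.1.1.50 host 10.1.1.2 eq telnet"), ORIGINAL[4]]
```

Calling `evaluate(ORIGINAL, "10.1.1.50", 40000, "10.1.1.2", 23)` returns the implicit deny, while the same call against `FIXED` returns the telnet permit; `shadowed(ORIGINAL)` lists the unreachable `log` entry.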