[c-nsp] suddenly lost telnet connection in switch

Dan Evans pzdevans at gmail.com
Fri Dec 12 14:30:49 EST 2008


At the end of an access list is an implicit "deny all" statement. If you
don't account for telnet traffic in the ACL then it gets dropped.

The access list example you used effectively states:

Allow port 80 traffic from source blocks 192/8, 172/8, and 10/8. Drop
*everything* else.




On Fri, Dec 12, 2008 at 2:05 PM, chloe K <chloekcy2000 at yahoo.ca> wrote:

> Hi
>
>  I am doing the following access-list for www to restrict to switch http
> access
>  but when I apply it in the interface, I suddenly lost telnet connection.
>  Why?
>
>
>  Extended IP access list 110
>    permit tcp 192.168.0.0 0.255.255.255 any eq www
>    permit tcp 172.16.0.0 0.255.255.255 any eq www
>    permit tcp 10.0.0.0 0.255.255.255 any eq www
>    deny tcp any eq www any
>    deny tcp any eq www any log
>
> switch(config)#interface VLAN1
>  switch(config-if)#ip access-group 110 in
> switch(config-if)#
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


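Added example (not part of the original messages): a small Python model of first-match ACL evaluation, run over ACL 110 as posted, showing a telnet packet falling through to the implicit deny. The `evaluate` and `src_matches` helpers, the sample packets, and the extra telnet permit entry are assumptions made for illustration.

```python
import ipaddress

# ACL 110 as posted in the thread. Each entry is
# (action, proto, src, src_wildcard, src_port, dst_port); the destination
# address is "any" in every entry, so it is not modelled. "www" is TCP/80.
ACL_110 = [
    ("permit", "tcp", "192.168.0.0", "0.255.255.255", None, 80),
    ("permit", "tcp", "172.16.0.0", "0.255.255.255", None, 80),
    ("permit", "tcp", "10.0.0.0", "0.255.255.255", None, 80),
    # In the last two entries "eq www" follows the source, so it is a
    # source-port match.
    ("deny", "tcp", "any", None, 80, None),
    ("deny", "tcp", "any", None, 80, None),  # the "log" variant
]

# Assumption (not from the thread): one way to account for telnet is an
# explicit permit for TCP/23.
ACL_110_WITH_TELNET = ACL_110 + [("permit", "tcp", "any", None, None, 23)]


def src_matches(addr, base, wildcard):
    """Cisco wildcard mask: 1 bits are "don't care", 0 bits must match."""
    if base == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


def evaluate(acl, proto, src, sport, dport):
    """First match wins. Returns (action, entry_index); an index of None
    means no entry matched and the implicit deny at the end applied."""
    for i, (action, p, base, wc, sp, dp) in enumerate(acl):
        if (p == proto and src_matches(src, base, wc)
                and sp in (None, sport) and dp in (None, dport)):
            return action, i
    return "deny", None


if __name__ == "__main__":
    # Constructed sample packets: (proto, source, source port, dest port)
    for pkt in [("tcp", "192.168.1.10", 40000, 80),
                ("tcp", "192.168.1.10", 40001, 23),
                ("tcp", "203.0.113.7", 40002, 80)]:
        print(pkt, evaluate(ACL_110, *pkt), evaluate(ACL_110_WITH_TELNET, *pkt))
```
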