[c-nsp] acess-list

Ziv Leyes zivl at gilat.net
Thu Oct 30 04:36:21 EDT 2008


I think that what Adrian was asking, and it's something I would also like to know is let's suppose I have an acl for vty 0 4 and another acl for vty 5 15
acl for 0 4 allows access to x.x.x.x
acl for 5 15 allows access to y.y.y.y

How can I as a y.y.y.y client, be sure I connect to a vty between 5 and 15 and not fall into a denied 0 to 4?
If I'm the only one that tries to connect, by default I'll fall in vty 0, if I'm denied there but allowed in 5 to 15, will I be derived to there as a fallback?
Or there is a way I can force my connection to fall in vty 5 and up?

Ziv




-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Valentin Stoicescu
Sent: Wednesday, October 29, 2008 11:27 PM
To: adrian kok
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] acess-list

Hi,
There's no difference ,just that you can configure different lines with
different passwords.
For your access-class put in your access list the ips you want to grant
access to vty and everything else is denied.
Ex:
access-list 10 permit "your ip "
line vty 0 15
access-class 10 in

adrian kok wrote:
> Hi
>
> 1/ What is the different between line vty 0 4 and line
> vty 5 15
>
> how can I deny one ip to access vty? I tried both but
> all are not working. and deny all ip to access
>
> access-list 10 deny 192.168.0.10 0.0.0.0 or
> access-list 10 deny 192.168.0.10 255.255.255.255
>
>
> router(config)#line vty 0 4
> router(config-line)#access-class 10 in
> router(config-line)#
>
> Thank you
>
> Send instant messages to your online friends http://uk.messenger.yahoo.com
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/





************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************






 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************





More information about the cisco-nsp mailing list