[c-nsp] 4948 management port VS vty access-group
Nemeth Laszlo
csirek at cooler.hu
Thu May 20 09:51:06 EDT 2010
Hi All,
I use a C4948 switch with cat4500-entservicesk9-mz.122-53.SG1 IOS.
I try to use the MGMT ethernet port. The config is:
interface FastEthernet1
 ip vrf forwarding mgmtVrf
 ip address 192.168.2.10 255.255.255.0
 speed auto
 duplex auto
If I telnet to the switch from 192.168.2.1 via the MGMT port without an
access-group filter on the VTY, telnet works.
# telnet 192.168.2.10
Trying 192.168.2.10...
Connected to 192.168.2.10.
Escape character is '^]'.
User Access Verification
Username:
But if I put a filter on the VTY (for now I am trying a simple "access-list 10
permit any"), telnet doesn't work through the MGMT port.
VTY config:
line vty 0 4
 access-class 10 in
 exec-timeout 0 0
 login local
Telnet output:
# telnet 192.168.2.10
Trying 192.168.2.10...
telnet: Unable to connect to remote host: Connection refused
I tried standard and extended ACLs too.
If I log an extended ACL (permit ip any any log), I see this output:
*May 20 08:08:15 MET-DST: %SEC-6-IPACCESSLOGP: list 100 permitted tcp
192.168.2.1(47611) -> 0.0.0.0(23), 1 packet
But the connection is refused.
Does anybody have any idea why telnet doesn't work through the MGMT if I
use an ACL on the VTY lines? Maybe a SW bug?
Thanks!
Laszlo