Velocity Reviews - Computer Hardware Reviews

access list problem

 
 
tony
      08-25-2006
I am trying to restrict telnet to a switch from one host only

so I did

access-list 1 permit host 10.10.10.5

line vty 0 4
access-class 1 in

but another host on the 10.10.10.x net can still telnet to the switch

What is wrong?


 
Doan
      08-25-2006
On Fri, 25 Aug 2006, tony wrote:

> i am trying to restrict telnet to a switch from one host only
>
> so I did
>
> access-list 1 permit host 10.10.10.5
>
> line vty 0 4
> access-class 1 in
>
> but another host on the 10.10.10.x net can still telnet to the switch
>
> What is wrong?
>

What does a "show line" say?

Doan


 
tony
      08-25-2006
   Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
     0 CTY       -     -    -    -    -    0     0        0   -
*    1 VTY       -     -    -    -    1   15     0        0   -
     2 VTY       -     -    -    -    1    4     0        0   -
     3 VTY       -     -    -    -    1    0     0        0   -
     4 VTY       -     -    -    -    1    0     0        0   -
     5 VTY       -     -    -    -    1    0     0        0   -
     6 VTY       -     -    -    -    -    0     0        0   -
     7 VTY       -     -    -    -    -    0     0        0   -
     8 VTY       -     -    -    -    -    0     0        0   -
     9 VTY       -     -    -    -    -    0     0        0   -
    10 VTY       -     -    -    -    -    0     0        0   -
    11 VTY       -     -    -    -    -    0     0        0   -
    12 VTY       -     -    -    -    -    0     0        0   -
    13 VTY       -     -    -    -    -    0     0        0   -
    14 VTY       -     -    -    -    -    0     0        0   -
    15 VTY       -     -    -    -    -    0     0        0   -
    16 VTY       -     -    -    -    -    0     0        0   -
 
Doan
      08-25-2006

There is your problem. You have more than 5 VTY lines!
Try vty 0 16
access-class 1 in

Doan


 
tony
      08-25-2006
It still does not work

   Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
     0 CTY       -     -    -    -    -    0     0        0   -
*    1 VTY       -     -    -    -    1   16     0        0   -
*    2 VTY       -     -    -    -    1    7     0        0   -
     3 VTY       -     -    -    -    1    0     0        0   -
     4 VTY       -     -    -    -    1    0     0        0   -
     5 VTY       -     -    -    -    1    0     0        0   -
     6 VTY       -     -    -    -    1    0     0        0   -
     7 VTY       -     -    -    -    1    0     0        0   -
     8 VTY       -     -    -    -    1    0     0        0   -
     9 VTY       -     -    -    -    1    0     0        0   -
    10 VTY       -     -    -    -    1    0     0        0   -
    11 VTY       -     -    -    -    1    0     0        0   -
    12 VTY       -     -    -    -    1    0     0        0   -
    13 VTY       -     -    -    -    1    0     0        0   -
    14 VTY       -     -    -    -    1    0     0        0   -
    15 VTY       -     -    -    -    1    0     0        0   -
    16 VTY       -     -    -    -    1    0     0        0   -
 
Doan
      08-25-2006

Can you do a "show access-list 1"?

Doan


 
Hansang Bae
      08-26-2006
tony wrote:

> i am trying to restrict telnet to a switch from one host only
>
> so I did
>
> access-list 1 permit host 10.10.10.5
>
> line vty 0 4
> access-class 1 in
>
> but another host on the 10.10.10.x net can still telnet to the switch
>
> What is wrong?


can you even use access-class on a switch???

--

hsb


"Somehow I imagined this experience would be more rewarding" Calvin
 
chris
      08-26-2006

> can you even use access-class on a switch???
>


Yes. All of my switches use an access class on the vty lines.

Chris.


 
The Dude
      08-26-2006

"tony" <(E-Mail Removed)> wrote in message
news:ecno84$p9v$(E-Mail Removed)...
>i am trying to restrict telnet to a switch from one host only
>
> so I did
>
> access-list 1 permit host 10.10.10.5
>
> line vty 0 4
> access-class 1 in
>
> but another host on the 10.10.10.x net can still telnet to the switch
>
> What is wrong?


I am sorry, I am not following here: you are trying to restrict with the
command "permit"
and I also do not see the command deny tcp eq 23 (telnet) ....

The Dude


 
Doan
      08-26-2006
On Sat, 26 Aug 2006, chris wrote:

>
> > can you even use access-class on a switch???
> >

>
> Yes. All of my switches use an access class on the vty lines.
>
> Chris.


So when you telnet'd in from other machines, which vty line did it come
in on (the vty line that has *)? Also, are there any other entries in
your access-list 1?

Doan
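
The check this thread works through by eye, as an added example that is not part of the original posts: a Python parser for "show line" output that lists the VTY lines whose inbound access class (AccI) is missing or differs from the expected ACL, and the lines with an active session (*). The sample rows are re-joined from the first output posted above; the function names and the expected_acl parameter are assumptions of this example.

```python
import re

# Sample rows re-joined from the first "show line" output in the thread
# (constructed for this example; a subset of the 17 lines).
SAMPLE = """\
   Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
     0 CTY       -     -    -    -    -    0     0        0   -
*    1 VTY       -     -    -    -    1   15     0        0   -
     2 VTY       -     -    -    -    1    4     0        0   -
     5 VTY       -     -    -    -    1    0     0        0   -
     6 VTY       -     -    -    -    -    0     0        0   -
    16 VTY       -     -    -    -    -    0     0        0   -
"""

ROW = re.compile(r"^\s*(\*)?\s*(\d+)\s+(CTY|AUX|TTY|VTY)\s+(.*)$")

def parse_show_line(text):
    """Return one dict per line row: tty number, type, active flag, AccI."""
    rows = []
    for raw in text.splitlines():
        m = ROW.match(raw)
        if not m:
            continue  # header or unrelated text
        fields = m.group(4).split()
        if len(fields) < 5:
            continue  # truncated row, AccI cannot be located
        # Tx/Rx is blank on CTY/VTY rows, so index from the right:
        # ... AccO AccI Uses Noise Overruns Int
        acc_in = fields[-5]
        rows.append({"tty": int(m.group(2)), "type": m.group(3),
                     "active": m.group(1) is not None,
                     "acc_in": None if acc_in == "-" else acc_in})
    return rows

def unfiltered_vtys(rows, expected_acl="1"):
    """VTY lines whose inbound access class is missing or not the expected ACL."""
    return [r["tty"] for r in rows
            if r["type"] == "VTY" and r["acc_in"] != expected_acl]

if __name__ == "__main__":
    rows = parse_show_line(SAMPLE)
    print("VTY lines without access-class 1 in:", unfiltered_vtys(rows))
    print("lines with an active session:", [r["tty"] for r in rows if r["active"]])
```

Run against the second output in the thread, where every VTY line shows AccI 1, the list of unfiltered lines is empty, which leaves the contents of access-list 1 as the next thing to inspect.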

 