access list problem

Discussion in 'Cisco' started by tony, Aug 25, 2006.

  1. tony

    tony Guest

    i am trying to restrict telnet to a switch from one host only

    so I did

    access-list 1 permit host 10.10.10.5

    line vty 0 4
    access-class 1 in

    but another host on the 10.10.10.x net can still telnet to the switch

    What is wrong?
    tony, Aug 25, 2006
    #1

  2. tony

    Doan Guest

    On Fri, 25 Aug 2006, tony wrote:

    > i am trying to restrict telnet to a switch from one host only
    >
    > so I did
    >
    > access-list 1 permit host 10.10.10.5
    >
    > line vty 0 4
    > access-class 1 in
    >
    > but another host on the 10.10.10.x net can still telnet to the switch
    >
    > What is wrong?
    >

    What does a "show line" say?

    Doan
    Doan, Aug 25, 2006
    #2

  3. tony

    tony Guest

      Tty Typ  Tx/Rx  A  Modem  Roty  AccO  AccI  Uses  Noise  Overruns  Int
        0 CTY         -    -     -     -     -       0      0         0   -
    *   1 VTY         -    -     -     -     1      15      0         0   -
        2 VTY         -    -     -     -     1       4      0         0   -
        3 VTY         -    -     -     -     1       0      0         0   -
        4 VTY         -    -     -     -     1       0      0         0   -
        5 VTY         -    -     -     -     1       0      0         0   -
        6 VTY         -    -     -     -     -       0      0         0   -
        7 VTY         -    -     -     -     -       0      0         0   -
        8 VTY         -    -     -     -     -       0      0         0   -
        9 VTY         -    -     -     -     -       0      0         0   -
       10 VTY         -    -     -     -     -       0      0         0   -
       11 VTY         -    -     -     -     -       0      0         0   -
       12 VTY         -    -     -     -     -       0      0         0   -
       13 VTY         -    -     -     -     -       0      0         0   -
       14 VTY         -    -     -     -     -       0      0         0   -
       15 VTY         -    -     -     -     -       0      0         0   -
       16 VTY         -    -     -     -     -       0      0         0   -
    tony, Aug 25, 2006
    #3
  4. tony

    Doan Guest

    There is your problem. You have more than 5 VTY lines!
    Try vty 0 16
    access-class 1 in

    Doan


    Doan, Aug 25, 2006
    #4
  5. tony

    tony Guest

    It still does not work

      Tty Typ  Tx/Rx  A  Modem  Roty  AccO  AccI  Uses  Noise  Overruns  Int
        0 CTY         -    -     -     -     -       0      0         0   -
    *   1 VTY         -    -     -     -     1      16      0         0   -
    *   2 VTY         -    -     -     -     1       7      0         0   -
        3 VTY         -    -     -     -     1       0      0         0   -
        4 VTY         -    -     -     -     1       0      0         0   -
        5 VTY         -    -     -     -     1       0      0         0   -
        6 VTY         -    -     -     -     1       0      0         0   -
        7 VTY         -    -     -     -     1       0      0         0   -
        8 VTY         -    -     -     -     1       0      0         0   -
        9 VTY         -    -     -     -     1       0      0         0   -
       10 VTY         -    -     -     -     1       0      0         0   -
       11 VTY         -    -     -     -     1       0      0         0   -
       12 VTY         -    -     -     -     1       0      0         0   -
       13 VTY         -    -     -     -     1       0      0         0   -
       14 VTY         -    -     -     -     1       0      0         0   -
       15 VTY         -    -     -     -     1       0      0         0   -
       16 VTY         -    -     -     -     1       0      0         0   -


    tony, Aug 25, 2006
    #5
  6. tony

    Doan Guest

    Can you do a "show access-list 1"?

    Doan


    Doan, Aug 26, 2006
    #6
  7. tony

    Hansang Bae Guest

    tony wrote:

    > i am trying to restrict telnet to a switch from one host only
    >
    > so I did
    >
    > access-list 1 permit host 10.10.10.5
    >
    > line vty 0 4
    > access-class 1 in
    >
    > but another host on the 10.10.10.x net can still telnet to the switch
    >
    > What is wrong?


    can you even use access-class on a switch???

    --

    hsb


    "Somehow I imagined this experience would be more rewarding" Calvin
    **************************ROT13 MY ADDRESS*************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
    Hansang Bae, Aug 26, 2006
    #7
  8. tony

    chris Guest


    > can you even use access-class on a switch???
    >


    Yes. All of my switches use an access class on the vty lines.

    Chris.
    chris, Aug 26, 2006
    #8
  9. tony

    The Dude Guest

    "tony" <> wrote in message
    news:ecno84$p9v$...
    >i am trying to restrict telnet to a switch from one host only
    >
    > so I did
    >
    > access-list 1 permit host 10.10.10.5
    >
    > line vty 0 4
    > access-class 1 in
    >
    > but another host on the 10.10.10.x net can still telnet to the switch
    >
    > What is wrong?


    I am sorry, I am not following here: you are trying to restrict with the
    command "permit"
    and I also do not see the command deny tcp eq 23 (telnet) ....

    The Dude
    The Dude, Aug 26, 2006
    #9
  10. tony

    Doan Guest

    On Sat, 26 Aug 2006, chris wrote:

    >
    > > can you even use access-class on a switch???
    > >

    >
    > Yes. All of my switches use an access class on the vty lines.
    >
    > Chris.


    So when you telnet'd in from other machines, which vty line did it come
    in on (the vty line that has *)? Also, are there any other entries in
    your access-list 1?

    Doan
    Doan, Aug 26, 2006
    #10
  11. tony

    Doan Guest

    On Sat, 26 Aug 2006, it was written:

    >
    > "tony" <> wrote in message
    > news:ecno84$p9v$...
    > >i am trying to restrict telnet to a switch from one host only
    > >
    > > so I did
    > >
    > > access-list 1 permit host 10.10.10.5
    > >
    > > line vty 0 4
    > > access-class 1 in
    > >
    > > but another host on the 10.10.10.x net can still telnet to the switch
    > >
    > > What is wrong?

    >
    > I am sorry, I am not following here: you are trying to restrict with the
    > command "permit"
    > and I also do not see the command deny tcp eq 23 (telnet) ....
    >
    > The Dude
    >

    He is permitting one host; the implicit deny at the end of every
    access-list will deny the rest. He is using a standard access-list (1-99),
    not an extended access-list.

    Doan
    Doan, Aug 26, 2006
    #11
  12. tony

    The Dude Guest

    "Doan" <> wrote in message
    news:p...
    > On Sat, 26 Aug 2006, it was written:
    >
    >>
    >> "tony" <> wrote in message
    >> news:ecno84$p9v$...
    >> >i am trying to restrict telnet to a switch from one host only
    >> >
    >> > so I did
    >> >
    >> > access-list 1 permit host 10.10.10.5
    >> >
    >> > line vty 0 4
    >> > access-class 1 in
    >> >
    >> > but another host on the 10.10.10.x net can still telnet to the switch
    >> >
    >> > What is wrong?

    >>
    >> I am sorry, I am not following here: you are trying to restrict with the
    >> command "permit"
    >> and I also do not see the command deny tcp eq 23 (telnet) ....
    >>
    >> The Dude
    >>

    > He is permitting one host; the implicit deny at the end of every
    > access-list will deny the rest. He is using a standard access-list (1-99),
    > not an extended access-list.
    >
    > Doan


    Ooops, "telnet" got stuck in my mind and I missed the 1 in access-list 1.
    Thanks for the feedback!

    The Dude
    The Dude, Aug 27, 2006
    #12
  13. tony

    NO_spamm Guest

    On Fri, 25 Aug 2006 13:57:39 -0700, tony wrote:

    > i am trying to restrict telnet to a switch from one host only
    >
    > so I did
    >
    > access-list 1 permit host 10.10.10.5
    >
    > line vty 0 4
    > access-class 1 in
    >
    > but another host on the 10.10.10.x net can still telnet to the switch
    >
    > What is wrong?


    Your switch may have vty 0 15 defined. You should check this.
    And you probably applied the restriction only to the first 5 vty's.


    FW
    NO_spamm, Aug 27, 2006
    #13
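
The check discussed in the posts above (which vty lines carry an inbound access-class, and what a numbered standard ACL with its implicit deny decides for a given source), as an added Python example that is not part of any post. The `line vty 5 15` block in the sample config and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample. The ACL and the "line vty 0 4" block are the ones from
# the original question; "line vty 5 15" without an access-class is assumed.
SAMPLE_CONFIG = """\
access-list 1 permit host 10.10.10.5
!
line con 0
line vty 0 4
 access-class 1 in
 login
line vty 5 15
 login
"""

# Numbered standard ACLs only (1-99): source address, optional wildcard mask.
ACE_RE = re.compile(
    r"^access-list (\d{1,2}) (permit|deny) (?:host )?(\S+)(?: (\d[\d.]*))?(?: log)?$")
VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?$")
CLASS_RE = re.compile(r"^access-class (\S+) in\b")


def parse(config):
    """Return (acls, vty): ACL number -> entries, vty number -> inbound ACL or None."""
    acls, vty, current = {}, {}, []
    for line in (raw.strip() for raw in config.splitlines()):
        if line in ("!", "end") or line.startswith("line "):
            current = []                      # any new section closes the vty block
        if m := ACE_RE.match(line):
            num, action, addr, wildcard = m.groups()
            if addr == "any":
                addr, wildcard = "0.0.0.0", "255.255.255.255"
            acls.setdefault(num, []).append((action, addr, wildcard or "0.0.0.0"))
        elif m := VTY_RE.match(line):
            first = int(m.group(1))
            current = list(range(first, int(m.group(2) or first) + 1))
            for n in current:
                vty.setdefault(n, None)
        elif m := CLASS_RE.match(line):
            for n in current:
                vty[n] = m.group(1)
    return acls, vty


def acl_decision(entries, src):
    """First match wins; a standard ACL ends with an implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in entries:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s ^ int(ipaddress.IPv4Address(addr))) & care == 0:
            return action
    return "deny"


def vty_exposure(config, src):
    """Map each vty number to 'permit', 'deny', 'unfiltered' or 'unknown-acl'."""
    acls, vty = parse(config)
    result = {}
    for n, acl in sorted(vty.items()):
        if acl is None:
            result[n] = "unfiltered"          # no inbound access-class on this line
        else:
            result[n] = acl_decision(acls[acl], src) if acl in acls else "unknown-acl"
    return result


if __name__ == "__main__":
    print(vty_exposure(SAMPLE_CONFIG, "10.10.10.6"))
```

With the sample config, 10.10.10.6 is denied on vty 0-4 but vty 5-15 come back as `unfiltered`, so any session that lands on one of those lines is never checked against access-list 1.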
  14. tony

    layer3 Guest

    The reason it is not working is because it is a standard ACL. It should
    state: access-list 101 deny tcp (source IP) (destination IP) eq 23, and it
    needs to be placed closest to the source.
    NO_spamm wrote:
    > On Fri, 25 Aug 2006 13:57:39 -0700, tony wrote:
    >
    > > i am trying to restrict telnet to a switch from one host only
    > >
    > > so I did
    > >
    > > access-list 1 permit host 10.10.10.5
    > >
    > > line vty 0 4
    > > access-class 1 in
    > >
    > > but another host on the 10.10.10.x net can still telnet to the switch
    > >
    > > What is wrong?

    >
    > Your switch may have vty 0 15 defined. You should check this.
    > And you probably applied the restriction only to the first 5 vty's.
    >
    >
    > FW
    layer3, Aug 27, 2006
    #14
  15. tony

    Merv Guest

    Merv, Aug 27, 2006
    #15
  16. tony

    tony Guest

    Here is part of the config


    access-list 1 permit 10.10.10.5
    access-list 1 deny any
    !
    line con 0
    line vty 0 4
    access-class 1 in
    password 7 xxxxxxxxxxxx
    login
    line vty 5 15
    access-class 1 in
    login

    From host 10.10.10.5 I can telnet in.

    From host 10.10.10.6 I can still telnet in

    why?

    "Merv" <> wrote in message
    news:...
    >
    > Cisco CCO site clearly indicates that standard access lists are
    > sufficient to control vty access
    >
    > see
    >
    > http://www.cisco.com/en/US/products..._guide_chapter09186a0080716ec2.html#wp1049991
    >
    tony, Aug 28, 2006
    #16
  17. tony

    tony Guest

    edu-cer-3750A#sh access-list 1
    Standard IP access list 1
    permit 10.10.10.5
    deny any
    "Doan" <> wrote in message
    news:p...
    >
    > Can you do a "show access-list 1"?
    >
    > Doan
    tony, Aug 28, 2006
    #17
  18. tony

    Merv Guest

    What IOS version is being used?

    Please post the output of show version.
    Merv, Aug 28, 2006
    #18
  19. tony

    tony Guest

    Cisco Internetwork Operating System Software
    IOS (tm) C3750 Software (C3750-I9-M), Version 12.1(11)AX, RELEASE SOFTWARE (fc3)
    Copyright (c) 1986-2003 by cisco Systems, Inc.
    Compiled Mon 21-Apr-03 11:37 by madison
    Image text-base: 0x00003000, data-base: 0x006BA6CC

    ROM: Bootstrap program is C3750 boot loader
    BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.1(11r)AX, RELEASE SOFTWARE (fc1)

    edu-cer-3750A uptime is 10 weeks, 3 days, 23 hours, 35 minutes
    System returned to ROM by power-on
    System restarted at 17:33:00 UTC Thu Jun 15 2006
    System image file is "flash:c3750-i9-mz.121.11-AX/c3750-i9-mz.121.11-AX.bin"

    cisco WS-C3750G-24TS-S (PowerPC405) processor (revision B0) with 120822K/10240K bytes of memory.
    Processor board ID CAT0735X0X0
    Last reset from power-on
    1 Virtual Ethernet/IEEE 802.3 interface(s)
    28 Gigabit Ethernet/IEEE 802.3 interface(s)
    The password-recovery mechanism is enabled.




    "Merv" <> wrote in message
    news:...
    >
    > What IOS version is being used?
    >
    > Please post the output of show version.
    >
    tony, Aug 28, 2006
    #19
  20. tony

    Doan Guest

    Can you repeat the command after telnetting from 10.10.10.5 and other
    hosts? I want to see if you are getting any hits on the access-list 1.

    Doan


    On Mon, 28 Aug 2006, tony wrote:

    > edu-cer-3750A#sh access-list 1
    > Standard IP access list 1
    > permit 10.10.10.5
    > deny any
    Doan, Aug 28, 2006
    #20