The abbreviation any indicates a source address of 0.0.0.0 and a wildcard mask of 255.255.255.255; all source addresses will match.
[Figure: router with interfaces E0, E1 and S0; networks 172.16.0.0, 172.16.4.0 and 172.16.3.0; host 172.16.4.13]
Configuring ACLs 227
This ACL is designed to block traffic from a specific subnet, 172.16.4.0, and to allow all other traffic to be forwarded out E0.
Controlling Access to the Router Using ACLs
To control traffic into and out of the router (not through the router), you will protect the router virtual ports. A virtual port is called a vty. By default, there are five such virtual terminal lines, numbered vty 0 through vty 4. When configured, Cisco IOS Software images can support more than five vty ports.
Restricting vty access is primarily a technique for increasing network security and defining which addresses are allowed Telnet access to the router EXEC process.
Filtering Telnet traffic is typically considered an extended IP ACL function because it filters a higher-level protocol. Because you are filtering incoming or outgoing Telnet sessions by source addresses and applying the filter using the access-class command to the vty lines, you can use standard IP ACL statements to control vty access.
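The following added example (not from the book) models how a standard IP ACL is evaluated: wildcard-mask matching, first-match ordering and the implicit deny at the end. The two ACLs are constructed for illustration: the subnet-blocking list assumes a 0.0.0.255 wildcard for 172.16.4.0 (the page names the subnet only), and the vty list permits a single hypothetical admin host, 172.16.3.10.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class AclEntry:
    """One standard IP ACL statement: action, source address, wildcard mask."""
    action: str    # "permit" or "deny"
    address: str   # e.g. "172.16.4.0"
    wildcard: str  # e.g. "0.0.0.255"; 0.0.0.0 with 255.255.255.255 is "any"

    def matches(self, src: str) -> bool:
        # A wildcard bit of 1 means "don't care": clear those bits on both
        # sides and compare what remains.
        care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(self.wildcard))
        return (int(ipaddress.IPv4Address(src)) & care) == (
            int(ipaddress.IPv4Address(self.address)) & care
        )


# "any" == source 0.0.0.0, wildcard 255.255.255.255 (every bit is "don't care")
ANY = ("0.0.0.0", "255.255.255.255")


def evaluate(acl: List[AclEntry], src: str) -> str:
    """First matching statement wins; no match means the implicit deny applies."""
    for entry in acl:
        if entry.matches(src):
            return entry.action
    return "deny"


# Constructed equivalent of:  access-list 1 deny 172.16.4.0 0.0.0.255
#                             access-list 1 permit any
# (wildcard assumed; applied outbound on E0 in the figure)
BLOCK_SUBNET = [
    AclEntry("deny", "172.16.4.0", "0.0.0.255"),
    AclEntry("permit", *ANY),
]

# Constructed equivalent of:  access-list 2 permit 172.16.3.10
#                             line vty 0 4 / access-class 2 in
# Hypothetical admin host; everything else hits the implicit deny.
VTY_ADMIN_ONLY = [AclEntry("permit", "172.16.3.10", "0.0.0.0")]

if __name__ == "__main__":
    for src in ("172.16.4.13", "172.16.3.7", "172.16.3.10"):
        print(src, "E0:", evaluate(BLOCK_SUBNET, src),
              "vty:", evaluate(VTY_ADMIN_ONLY, src))
```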