Example 6-5 demonstrates how to limit access to the Telnet process. In this example, you permit any device on network 192.168.1.0 0.0.0.255 to establish a virtual terminal (Telnet) session with the router. Of course, the user must still know the appropriate passwords to enter user mode and privileged mode.

Notice that identical restrictions have been set on every vty line (0 to 4) because you cannot control on which vty line a user will connect. The implicit deny any statement still applies to the ACL when it is used as an access class entry.

Example 6-5 Access List Preventing Telnet Activity
access-list 12 permit 192.168.1.0 0.0.0.255
(implicit deny any)
!
line vty 0 4
access-class 12 in

Configuring Numbered Extended IPv4 ACLs

For more precise traffic-filtering control, use extended IPv4 ACLs (numbered 100 to 199 and 2000 to 2699, or named), which check both the source and the destination IPv4 address. In addition, at the end of the extended ACL statement, you can specify the protocol and, optionally, the TCP or User Datagram Protocol (UDP) application to filter more precisely. Figure 6-16 illustrates the IP header fields that can be examined with an extended access list.
228 Chapter 6: Managing Traffic with Access Control Lists
Figure 6-16 Extended IPv4 Access Lists
To specify an application, you can configure either the port number or the name of a well-known application.
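The matching logic behind both the standard ACL in Example 6-5 (source address with a wildcard mask, first match wins, implicit deny any at the end) and an extended ACL entry (protocol, source, destination, optional destination port) can be modelled in a few lines. The following Python is an added illustration, not Cisco IOS code or material from the chapter; the extended ACL 100 it builds (Telnet, TCP port 23, from 192.168.1.0/24 to a router address of 10.0.0.1) and all test addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard-mask semantics: a 0 bit in the mask must match the
    network address exactly; a 1 bit is 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits the ACE actually compares
    return (a & care) == (n & care)


@dataclass
class Ace:
    """One access control entry. A standard ACL entry only sets src/src_wc;
    an extended entry adds protocol, destination and (optionally) a port."""
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip" (any), "tcp" or "udp"
    src: str
    src_wc: str
    dst: str = "0.0.0.0"             # default: any destination
    dst_wc: str = "255.255.255.255"
    dst_port: Optional[int] = None   # equivalent of 'eq <port>'

    def matches(self, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
        if self.protocol != "ip" and self.protocol != proto:
            return False
        if not wildcard_match(src, self.src, self.src_wc):
            return False
        if not wildcard_match(dst, self.dst, self.dst_wc):
            return False
        if self.dst_port is not None and self.dst_port != dport:
            return False
        return True


def evaluate(acl: List[Ace], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Top-down, first-match evaluation. Falling off the end of the list is
    the implicit 'deny any' that every IOS ACL carries."""
    for ace in acl:
        if ace.matches(proto, src, dst, dport):
            return ace.action
    return "deny"


# Standard ACL 12 exactly as in Example 6-5: one permit line plus the implicit deny.
ACL_12 = [Ace("permit", "ip", "192.168.1.0", "0.0.0.255")]

# Constructed extended ACL 100: permit Telnet (TCP/23) from 192.168.1.0/24
# to the router at 10.0.0.1 (host match = wildcard 0.0.0.0); everything else
# falls through to the implicit deny.
ACL_100 = [Ace("permit", "tcp", "192.168.1.0", "0.0.0.255",
               "10.0.0.1", "0.0.0.0", 23)]


def vty_telnet_allowed(acl: List[Ace], client: str, router: str) -> bool:
    """What 'access-class <acl> in' asks for an inbound vty session: is this
    client's Telnet connection to the router permitted by the ACL?"""
    return evaluate(acl, "tcp", client, router, 23) == "permit"


if __name__ == "__main__":
    for client in ("192.168.1.77", "192.168.2.77"):
        print(client, "-> ACL 12:", vty_telnet_allowed(ACL_12, client, "10.0.0.1"))
    # The extended entry rejects the same client on a different port or protocol.
    print("ssh from 192.168.1.77 -> ACL 100:",
          evaluate(ACL_100, "tcp", "192.168.1.77", "10.0.0.1", 22))
```

Running the script shows the point the text makes about the implicit deny: a host outside 192.168.1.0/24 is refused by ACL 12 even though no deny line was written, and with the extended ACL the same inside host is refused as soon as the port or protocol differs from what the permit line names.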