
Stephen McQuerry

"Interconnecting Cisco Network Devices, Part 2 (ICND2): (CCNA Exam 640-802 and ICND exam 640-816) (3rd Edition)"

16.0.0 0.0.255.255 any eq telnet
20 deny tcp 192.168.1.0 0.0.0.255 host 10.100.100.1 eq smtp
30 permit tcp any any
The cause of this problem is that the 192.168.1.0 network cannot use TFTP to connect to
10.100.100.1 because TFTP uses the transport protocol UDP. Statement 30 in access list 120
allows all other TCP traffic, and because TFTP uses UDP, it is implicitly denied. The solution to
this problem is to correct statement 30; it should be ip any any.
The 172.16.0.0 network can use Telnet to connect to 10.100.100.1, but this connection should not
be allowed. The following output reveals information about the access list(s) in place to help
determine the possible cause of the problem:
RouterX# show access-lists 130
Extended IP access list 130
10 deny tcp any eq telnet any
20 deny tcp 192.168.1.0 0.0.0.255 host 10.100.100.1 eq smtp
30 permit ip any any
The cause of this problem is that the 172.16.0.0 network can use Telnet to connect to 10.100.100.1
because the Telnet port number in statement 10 of access list 130 is in the wrong position.
Statement 10 currently denies any source with a port number that is equal to Telnet trying to
establish a connection to any IP address.
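
The two faults above can be reproduced with a small first-match evaluator. This is an added example, not code from the book: the evaluator, the sample packets and the "fixed" form of statement 10 in access list 130 (port moved to the destination position) are assumptions for illustration, and statement 10 of access list 120 is truncated on this page, so it is left out.

```python
from ipaddress import ip_address

TELNET, SMTP = 23, 25
LAN = ("192.168.1.0", "0.0.0.255")
SERVER = ("10.100.100.1", "0.0.0.0")          # "host 10.100.100.1"

def addr_match(spec, addr):
    """spec is 'any' or (address, wildcard); wildcard bits set to 1 are ignored."""
    if spec == "any":
        return True
    net, wild = (int(ip_address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return int(ip_address(addr)) & care == net & care

def evaluate(acl, pkt):
    """Return (action, sequence) of the first matching entry, else the implicit deny."""
    for seq, action, proto, src, sport, dst, dport in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if not (addr_match(src, pkt["src"]) and addr_match(dst, pkt["dst"])):
            continue
        if sport not in (None, pkt["sport"]) or dport not in (None, pkt["dport"]):
            continue
        return action, seq
    return "deny", None                       # implicit deny at the end of every list

# Access list 130 as printed: "eq telnet" follows the source, so it tests the source port.
ACL_130 = [
    (10, "deny", "tcp", "any", TELNET, "any", None),
    (20, "deny", "tcp", LAN, None, SERVER, SMTP),
    (30, "permit", "ip", "any", None, "any", None),
]
# Assumed correction: the same entry with the port in the destination position.
ACL_130_FIXED = [(10, "deny", "tcp", "any", None, "any", TELNET)] + ACL_130[1:]
# Access list 120, statements 20 and 30 only (statement 10 is truncated on the page).
ACL_120 = [ACL_130[1], (30, "permit", "tcp", "any", None, "any", None)]
ACL_120_FIXED = [ACL_130[1], ACL_130[2]]      # statement 30 changed to "ip any any"

# Constructed packets: clients use an ephemeral source port, servers a well-known one.
TELNET_PKT = {"proto": "tcp", "src": "172.16.5.10", "sport": 49152,
              "dst": "10.100.100.1", "dport": 23}
TFTP_PKT = {"proto": "udp", "src": "192.168.1.20", "sport": 49153,
            "dst": "10.100.100.1", "dport": 69}

if __name__ == "__main__":
    for name, acl, pkt in [("130", ACL_130, TELNET_PKT), ("130 fixed", ACL_130_FIXED, TELNET_PKT),
                           ("120", ACL_120, TFTP_PKT), ("120 fixed", ACL_120_FIXED, TFTP_PKT)]:
        print(name, evaluate(acl, pkt))
```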

