If you want to deny Telnet inbound on S0, the solution is
to deny the destination port number that is equal to Telnet, for example, deny tcp any any eq
telnet.
Host 10.1.1.1 can use Telnet to connect to 10.100.100.1, but this connection should not be allowed.
The following output reveals information about the access list(s) in place to help determine the
possible cause of the problem:
RouterX# show access-lists 140
Extended IP access list 140
    10 deny tcp host 10.160.22.11 10.100.100.0 0.0.0.255 eq telnet
    20 deny tcp 192.168.1.0 0.0.0.255 host 10.100.100.1 eq smtp
    30 permit ip any any
The cause of this problem is that no rule denies host 10.1.1.1 or its network as the source, so
host 10.1.1.1 can use Telnet to connect to 10.100.100.1. Statement 10 of access list 140 denies
the router interface from which traffic would be departing. But as these packets depart the
router, they have a source address of 10.1.1.1 and not the address of the router interface. The
solution to this problem is to modify entry 10 so that the 10.1.0.0 subnet is denied instead of
the address 10.160.22.11.
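
The first-match evaluation described above, as an added example that is not from the book: a small Python evaluator for the entry syntax shown in access list 140, run against the Telnet packet from 10.1.1.1 before and after the fix. The 0.0.255.255 wildcard on the corrected entry 10 is an assumption (the text names the 10.1.0.0 subnet without a mask), and the function names are illustrative.

```python
import ipaddress

PORTS = {"telnet": 23, "smtp": 25}  # only the keywords used in ACL 140

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0))

def parse_entry(line):
    t = line.split()
    entry = {"seq": int(t.pop(0)), "action": t.pop(0), "proto": t.pop(0)}
    entry["src"] = parse_addr(t)
    entry["dst"] = parse_addr(t)
    entry["dport"] = PORTS[t[1]] if t and t[0] == "eq" else None
    return entry

def evaluate(acl_lines, proto, src, dst, dport):
    """Return (seq, action) of the first matching entry; implicit deny at the end."""
    for e in map(parse_entry, acl_lines):
        if e["proto"] not in ("ip", proto):
            continue
        if not (wild_match(src, *e["src"]) and wild_match(dst, *e["dst"])):
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["seq"], e["action"]
    return None, "deny"

ACL_140 = [  # entries as shown in the show access-lists output
    "10 deny tcp host 10.160.22.11 10.100.100.0 0.0.0.255 eq telnet",
    "20 deny tcp 192.168.1.0 0.0.0.255 host 10.100.100.1 eq smtp",
    "30 permit ip any any",
]
# Assumed corrected entry 10: the page names the 10.1.0.0 subnet but gives no mask.
ACL_140_FIXED = ["10 deny tcp 10.1.0.0 0.0.255.255 10.100.100.0 0.0.0.255 eq telnet"] + ACL_140[1:]

if __name__ == "__main__":
    print(evaluate(ACL_140, "tcp", "10.1.1.1", "10.100.100.1", 23))
    print(evaluate(ACL_140_FIXED, "tcp", "10.1.1.1", "10.100.100.1", 23))
```

With the original list the Telnet packet falls through to entry 30 and is permitted; with the corrected entry 10 it is denied on the first match, while other traffic from the same host still reaches entry 30.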
Troubleshooting ACLs 243
Problem: Host 10.