100.100.1 can use Telnet to connect to 10.1.1.1, but this connection should not
be allowed. The following output reveals information about the access list(s) in place to help
determine the possible cause of the problem:
RouterX# sshhooww aacccceessss--lliissttss 115500
Extended IP access list 150
10 deny tcp host 10.100.100.1 any eq telnet
20 permit ip any any
Access list 150 is applied to interface S0 in the inbound direction.
The cause of this problem is that the Host 10.100.100.1 can use Telnet to connect to 10.1.1.1
because of the direction in which access list 150 is applied to the S0 interface. Statement 10 denies
the source address of 10.100.100.1, but that address would only be the source if the traf?¬?c were
outbound on S0, not inbound. One solution would be to modify the direction in which the list was
applied.
Host 10.1.1.1 can connect into RouterX using Telnet, but this connection should not be allowed.
The following output reveals information about the access list(s) in place to help determine the
possible cause of the problem:
RouterX# sshhooww aacccceessss--lliissttss 116600
Extended IP access list 160
10 deny tcp any host 10.
Pages:
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370