160.22.33 eq telnet
20 permit ip any any
The problem is that Host 10.1.1.1 can still connect into Router B using Telnet, because
using Telnet to connect into the router is different from using Telnet to connect through the router
to another device. Statement 10 of access list 160 denies Telnet access to the address that is
assigned to the S0 interface of Router B. Host 10.1.1.1 can still use Telnet to connect into Router
B simply by using a different interface address, such as E0. The solution is recognizing which IOS
command to use. When you want to block Telnet traffic into and out of the router, use the access-class
command to apply access lists to the vty lines.
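The gap described above, as a simplified first-match model (an added example, not from the original text). The router interface addresses and the vty ACL number 12 are constructed placeholders, and the model assumes access list 160 filters the host's traffic whichever router address it targets.

```python
import ipaddress

# Constructed values: the page names only Host 10.1.1.1; the router
# addresses and the vty ACL number 12 are placeholders for illustration.
HOST = "10.1.1.1"
ROUTER_B = {"S0": "192.0.2.1", "E0": "198.51.100.1"}
TELNET = 23

# Interface ACL modelled on access list 160: (action, src, dst, dst_port),
# None = any. Statement 10 names only the S0 address.
ACL_160 = [
    ("deny", None, ROUTER_B["S0"], TELNET),   # 10
    ("permit", None, None, None),             # 20 permit ip any any
]

# Standard ACL for the vty lines, matching on source only. IOS form:
#   access-list 12 deny host 10.1.1.1
#   access-list 12 permit any
#   line vty 0 4
#    access-class 12 in
VTY_ACL = [("deny", HOST), ("permit", None)]


def _match(rule, addr):
    return rule is None or ipaddress.ip_address(addr) in ipaddress.ip_network(rule)


def interface_acl_permits(src, dst, dport):
    """First matching statement wins; fall through to the implicit deny."""
    for action, s, d, p in ACL_160:
        if _match(s, src) and _match(d, dst) and p in (None, dport):
            return action == "permit"
    return False


def vty_acl_permits(src):
    for action, s in VTY_ACL:
        if _match(s, src):
            return action == "permit"
    return False


def telnet_into_router(src, interface, access_class=False):
    """True if src can open a Telnet session to Router B's address on interface."""
    if not interface_acl_permits(src, ROUTER_B[interface], TELNET):
        return False
    return vty_acl_permits(src) if access_class else True
```

With only the interface ACL, the S0 address is refused but the E0 address is accepted; with the vty ACL applied, the decision depends on the source address alone, so every router address is covered.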
Summary of Troubleshooting ACLs
The following summarizes the key points that were discussed in this section:
- An improperly configured access list can prevent legitimate traffic from passing through a
router or allow unauthorized traffic to pass through the router.
- You can use the show access-lists command to verify the configuration of an access list on a
router.
- You can use the show ip interface command to verify where the access list is applied to an
interface and what direction it is applied in.