Access-list Question

Chigy

Technical User
Jul 29, 2007
Team,
I hope I am not asking too many questions ....

I saw this lab which required the configuration of an ACL to deny telnet to a router R3 and allow all other traffic. There were three routers R1, R2, and R3. The routers' networks were given.

The solution (from Testking) suggested an acl denying R1 and R2 networks and applying the access-group on S0 and E0 of R3. Yes it works but ....

Why not just apply it like this:
!
line vty 0 4
 ! bind ACL 101 to inbound sessions on the vty lines
 access-class 101 in
end
!
 
Chigy,

line vty 0 4 controls telnet to the router itself - not telnet traffic through the router!

That would just control people telnetting to the router, the question wants an ACL to stop telnet traffic going through the router - like someone trying to telnet to a server hanging off Ethernet 1.

It might help to pick up the Sybex CCNA Study Guide and reread it rather than working with Test Kings :-(


E.A. Broda
CCNA, CCDA, CCAI, Network +
 
Thanks - I have read the book and the Cisco Press Library as well. I just want to be sure of the question types before I jump into the exam again. On the question above, it said, and I quote:

"Your assignment is to configure and apply an access control list that will block telnet access to the TK3 router without inhibiting all other traffic"

It's the wording that got me thinking vty - maybe it is a typo!
 
Chigy,

You have to be very careful with Test King - they are known for wrong answers and typos :)

Just keep bouncing stuff off the forum - we have some GREAT people who hang out in here :) I learn more stuff every time I login!!

Good luck on your studies!


E.A. Broda
CCNA, CCDA, CCAI, Network +
 
A good key to learning is finding the wrong answers and being able to identify them as such...

With that said there is no better training than hands on..

I sometimes use testking to see the wording of a question, you know how Cisco questions can be.....

And I agree with CiscoGuy33, I too learn something new every time I login...

“Reserve your right to think, for even to think wrongly is better than not to think at all”

 
To restrict telnet access TO the router, you are correct in assuming that you must place an acl to the vty 0 4 lines with the ip access-class command.
As CiscoGuy33 says, if denying telnet access to anything that is attached to the router in question, then an acl denying port 23 and allowing everything else through the router should be applied to the incoming port of the router, but telnetting the router itself via vty lines would still be possible.

Burt
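
The two ACL placements discussed in this thread, side by side, as an added example that is not from any of the posters or from the lab's answer key. ACL 101 and interfaces S0/E0 (written out as Serial0/Ethernet0) come from the posts; the source networks 10.1.0.0/16 and 10.2.0.0/16 and ACL number 102 are constructed placeholders, since the lab's real networks are not given here.

```cisco
! ---------------------------------------------------------------
! Option A: restrict telnet TO the router itself (vty lines)
! ---------------------------------------------------------------
! Constructed placeholders: 10.1.0.0/16 = R1 network,
!                           10.2.0.0/16 = R2 network.
access-list 101 deny   tcp 10.1.0.0 0.0.255.255 any eq 23
access-list 101 deny   tcp 10.2.0.0 0.0.255.255 any eq 23
! Without this line the implicit deny at the end of the ACL
! would refuse every other source as well.
access-list 101 permit ip any any
!
line vty 0 4
 ! access-class is checked only for sessions that terminate on
 ! the vty lines, whichever interface they arrive on.
 ! Traffic routed through the box is never compared to this ACL.
 access-class 101 in
!
! ---------------------------------------------------------------
! Option B: filter telnet arriving on the router's interfaces
! ---------------------------------------------------------------
access-list 102 deny   tcp any any eq 23
! Explicit permit so that all non-telnet traffic keeps flowing.
access-list 102 permit ip any any
!
! An interface ACL is checked against every packet received on
! that interface, so it must be applied to each inbound interface.
interface Serial0
 ip access-group 102 in
!
interface Ethernet0
 ip access-group 102 in
!
! ---------------------------------------------------------------
! Checks after applying either option
! ---------------------------------------------------------------
! show access-lists              <- per-entry match counters
! show ip interface Serial0      <- which ACL is bound inbound
! show running-config | begin line vty
```

The match counters in `show access-lists` show which ACL a test telnet attempt actually hit, which is the quickest way to confirm that the filter sits where the exam question intended.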
 