uraauroow
03-13-2008, 02:18 PM
this is part of answer given by lammle:
You want to block telnet access from the 172.16.5.0/24 network to the 172.16.22.0/24 network. You would create an access list as follows:
(config)#access-list 100 deny tcp 172.16.5.0 0.0.0.255 172.16.22.0 0.0.0.255 eq 23.
(config)#access-list 100 permit any
Assuming that 172.16.5.0/24 is connected to fa0/0, you would then apply the access list to the interface:
(config)#int fa0/0
(config-if)#ip access-group 100 in
Now, only telnet access from 172.16.5.0/24 with a destination of 172.16.22.0/24 will be denied.
the queation is, if I want block telnet from remote network, and all I know is the IP ADDRESS, how can i assume the interface they are using?
becouse you (lammle) said, assuming they are using f0/0.
thanks
You want to block telnet access from the 172.16.5.0/24 network to the 172.16.22.0/24 network. You would create an access list as follows:
(config)#access-list 100 deny tcp 172.16.5.0 0.0.0.255 172.16.22.0 0.0.0.255 eq 23.
(config)#access-list 100 permit any
Assuming that 172.16.5.0/24 is connected to fa0/0, you would then apply the access list to the interface:
(config)#int fa0/0
(config-if)#ip access-group 100 in
Now, only telnet access from 172.16.5.0/24 with a destination of 172.16.22.0/24 will be denied.
the queation is, if I want block telnet from remote network, and all I know is the IP ADDRESS, how can i assume the interface they are using?
becouse you (lammle) said, assuming they are using f0/0.
thanks