CCIE Pursuit Blog

August 13, 2008

Internetwork Expert Volume II: Lab 12 – Section 9

Section 9 – Security – 3 Points

9.1 Traffic Filtering

Allow telnet access to r6 only from an NMS at  Log all attempts from unauthorized devices.

Let’s start with our ACL. Remember that we need to add an explicit deny statement with the log keyword, because the implicit deny at the end of an ACL does not log:

Rack16R6(config)#ip access-list ex TASK_9_1
Rack16R6(config-ext-nacl)#perm tcp host any eq 23
Rack16R6(config-ext-nacl)#deny tcp any any eq 23 log

Now just apply this to the vty lines:

Rack16R6(config-ext-nacl)#line vty 0 4
Rack16R6(config-line)#access-class TASK_9_1 in


Trying …
% Connection refused by remote host

Rack16R6#sh log | b Log Buffer
Log Buffer (4096 bytes):

Aug 13 14:17:37.053: %SYS-5-CONFIG_I: Configured from console by console
Aug 13 14:17:42.285: %SEC-6-IPACCESSLOGP: list TASK_9_1 denied tcp ->, 1 packet
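Once the explicit deny is logging, the %SEC-6-IPACCESSLOGP entries can be summarized per source to spot repeated unauthorized telnet attempts. The following is an added example, not part of the original post: the sample log lines and their addresses (RFC 5737 documentation ranges) are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the IOS extended-ACL log message for TCP/UDP (IPACCESSLOGP).
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_acl_log(line):
    """Return a dict of fields for an IPACCESSLOGP line, or None."""
    m = ACL_LOG.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def denied_telnet_by_source(lines, acl="TASK_9_1"):
    """Sum denied packets to TCP/23 per source address for one ACL."""
    totals = Counter()
    for line in lines:
        rec = parse_acl_log(line)
        if (rec and rec["acl"] == acl and rec["action"] == "denied"
                and rec["proto"] == "tcp" and rec["dport"] == 23):
            # Later entries for the same flow carry an aggregated packet count.
            totals[rec["src"]] += rec["count"]
    return totals

# Constructed sample lines; addresses are placeholders, not the lab's.
SAMPLE = [
    "Aug 13 14:17:37.053: %SYS-5-CONFIG_I: Configured from console by console",
    "Aug 13 14:17:42.285: %SEC-6-IPACCESSLOGP: list TASK_9_1 denied tcp 192.0.2.10(11023) -> 198.51.100.6(23), 1 packet",
    "Aug 13 14:22:42.301: %SEC-6-IPACCESSLOGP: list TASK_9_1 denied tcp 192.0.2.10(11023) -> 198.51.100.6(23), 4 packets",
    "Aug 13 14:23:05.118: %SEC-6-IPACCESSLOGP: list TASK_9_1 denied tcp 203.0.113.7(40112) -> 198.51.100.6(23), 1 packet",
]

if __name__ == "__main__":
    for src, pkts in denied_telnet_by_source(SAMPLE).most_common():
        print(f"{src}: {pkts} denied telnet packets")
```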


1 Comment »

  1. I use std ACLs for vty access

    Comment by shef — September 5, 2008 @ 11:58 am
