Extreme - Telnet Access List

Posted on 2005-04-07
Last Modified: 2012-08-14
I'm looking to create an access list to lock down telnet access to my Summit48i.

What's confusing me though, is because it is in layer 3 mode, there are a number of different IP addresses which I change often.

Is there a way of locking down ALL telnet traffic to, say, 192.168.0/24 for ALL ports on the switch, but not affecting traffic which is simply being routed through it?
Question by:jezzar
Expert Comment

by:Gen2003
ID: 13823884
Hello

What box do you have? Cisco? If so, try assigning the following ACL to the interface where you expect the attack:

access-list 120 deny tcp any 192.168.0.0 0.0.0.255 eq 23
access-list 120 permit ip any any

So it will block any telnet traffic from anywhere to any machine on the 192.168.0.X network but will allow everything else.

Regards

Author Comment

by:jezzar
ID: 13831919
It's an Extreme Switch

Expert Comment

by:Gen2003
ID: 13874045
If it is a Layer 2 switch, then it is impossible to block traffic on TCP port-based criteria. If it is a Layer 3 switch (router), check the manual for how to apply an ACL on it. What exact model?

Author Comment

by:jezzar
ID: 13874261
It's layer three. 48si.

On a suddenly more important note, erm... any idea what to do if you forget the admin password?

>dumb<
Accepted Solution

by:Gen2003
ID: 13943655
Sorry for the long delay. Try to find the information you need in the manual for the Summit. If you don't have it, download it from
http://www.extremenetworks.com/

What you need is to create an access list that will allow only your computer to telnet to the device:

(action) (protocol) (source ip address) (source port) (destination ip address) (destination port)

permit tcp X.X.X.X any Y.Y.Y.Y 23
deny tcp any any Y.Y.Y.Y 23

where X.X.X.X is your computer's IP and Y.Y.Y.Y is the address of the Summit.

This is not exact syntax; check with the manual.

Regarding the lost password, again check the manual or contact Extreme Networks, as nobody here will teach you how to hack systems.

Regards.
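
The permit/deny pair from the accepted answer, modelled as a first-match rule list in Python (an added example, not part of the original thread and not Extreme CLI syntax). It generalizes the answer's single host X.X.X.X to the 192.168.0.0/24 source network from the question and to several switch addresses; the interface addresses, the outside test address and the default permit for unmatched traffic are assumptions.

```python
from ipaddress import ip_address, ip_network

ANY = None  # wildcard for an address or port field

def build_telnet_acl(mgmt_source, switch_addresses):
    """Rules in the answer's field order:
    (action, protocol, source ip, source port, destination ip, destination port)."""
    permits = [("permit", "tcp", mgmt_source, ANY, a + "/32", 23) for a in switch_addresses]
    denies = [("deny", "tcp", ANY, ANY, a + "/32", 23) for a in switch_addresses]
    return permits + denies

def _addr(field, value):
    return field is ANY or ip_address(value) in ip_network(field)

def _port(field, value):
    return field is ANY or field == value

def evaluate(rules, proto, src, sport, dst, dport, default="permit"):
    """First matching rule wins. The default stands in for a trailing
    permit-all rule (assumption) so that routed traffic is not affected."""
    for action, r_proto, r_src, r_sport, r_dst, r_dport in rules:
        if (r_proto == proto and _addr(r_src, src) and _port(r_sport, sport)
                and _addr(r_dst, dst) and _port(r_dport, dport)):
            return action
    return default

def unprotected(rules, current_addresses, outsider="172.16.5.9"):
    """Switch addresses that still accept telnet from an outside host,
    e.g. because an interface was re-addressed after the list was built."""
    return [a for a in current_addresses
            if evaluate(rules, "tcp", outsider, 40000, a, 23) == "permit"]

# Constructed sample data: layer 3 interface addresses on the switch.
SWITCH_ADDRESSES = ["192.168.0.1", "10.1.1.1", "10.2.2.1"]
ACL = build_telnet_acl("192.168.0.0/24", SWITCH_ADDRESSES)

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "192.168.0.50", 40000, "10.1.1.1", 23))  # management host
    print(evaluate(ACL, "tcp", "172.16.5.9", 40000, "10.1.1.1", 23))    # outsider to switch
    print(evaluate(ACL, "tcp", "172.16.5.9", 40000, "10.1.1.77", 23))   # routed telnet
    print(unprotected(ACL, SWITCH_ADDRESSES + ["10.3.3.1"]))            # new interface
```

Because the rules name each switch address, the list has to be rebuilt whenever an interface address changes; `unprotected` shows which addresses a stale list leaves open.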