Extreme - Telnet Access List

Posted on 2005-04-07
Last Modified: 2012-08-14
I'm looking to create an access list to lock down telnet access to my Summit48i.

What's confusing me though, is because it is in layer 3 mode, there are a number of different IP addresses which I change often.

Is there a way of locking down ALL telnet traffic to, say, 192.168.0/24 for ALL ports on the switch, but not affecting traffic which is simply being routed through it?
Question by: jezzar

    Expert Comment


    What box do you have? Cisco? If so, try assigning the following ACL to the interface where you expect the attack:

    access-list 120 deny tcp any 192.168.0.0 0.0.0.255 eq 23
    access-list 120 permit ip any any

    So it will block any telnet traffic from anywhere to any machine on the 192.168.0.X network but will allow everything else.


    Author Comment

    It's an Extreme Switch

    Expert Comment

    If it is a Layer 2 switch, then it is impossible to block traffic on TCP port-based criteria. If it is a Layer 3 switch (router), check the manual for how to apply an ACL on it. What exact model?

    Author Comment

    It's layer three. 48si.

    On a suddenly more important note, erm... any idea what to do if you forget the admin password?


    Accepted Solution

    Sorry for the long delay. Try to find the information you need in the manual for the Summit. If you don't have it - download from

    What you need is to create an access list that will allow only your computer to telnet to the device:

    (action) (protocol) (source ip address) (source port) (destination ip address) (destination port)

    permit tcp X.X.X.X any Y.Y.Y.Y 23
    deny tcp any any Y.Y.Y.Y 23

    where X.X.X.X is your computer's IP and Y.Y.Y.Y is the address of the Summit.

    This is not exact syntax; check with the manual.

    Regarding the lost password, again check the manual or contact Extreme Networks, as nobody here will teach you how to hack systems.
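
The permit-then-deny pair from the accepted solution can be checked before it goes onto a device with a small first-match model. This is an added example, not part of the original thread and not Extreme syntax: the switch addresses, test hosts, first-match ordering, and default-permit for unmatched traffic are all assumptions; only 192.168.0.0/24 comes from the question.

```python
import ipaddress

# Rule fields follow the answer's order:
# (action, protocol, source, source port, destination, destination port)
MGMT_NET = "192.168.0.0/24"            # management subnet from the question
SWITCH_IPS = ["10.1.1.1", "10.2.2.1"]  # constructed layer 3 interface addresses

def build_acl(mgmt_net, switch_ips):
    """One permit/deny pair per address the switch itself owns."""
    acl = []
    for ip in switch_ips:
        acl.append(("permit", "tcp", mgmt_net, "any", f"{ip}/32", 23))
        acl.append(("deny", "tcp", "any", "any", f"{ip}/32", 23))
    return acl

def net_match(rule_net, addr):
    return rule_net == "any" or \
        ipaddress.ip_address(addr) in ipaddress.ip_network(rule_net)

def port_match(rule_port, port):
    return rule_port == "any" or rule_port == port

def evaluate(acl, proto, src, sport, dst, dport, default="permit"):
    """Return the action of the first matching rule (assumed semantics);
    traffic that matches no rule gets the assumed default."""
    for action, r_proto, r_src, r_sport, r_dst, r_dport in acl:
        if (r_proto == proto and net_match(r_src, src)
                and port_match(r_sport, sport)
                and net_match(r_dst, dst) and port_match(r_dport, dport)):
            return action
    return default

if __name__ == "__main__":
    acl = build_acl(MGMT_NET, SWITCH_IPS)
    cases = {  # constructed test packets
        "admin telnet to switch": ("192.168.0.25", "10.1.1.1"),
        "other telnet to switch": ("172.16.5.9", "10.2.2.1"),
        "telnet routed through": ("172.16.5.9", "10.2.2.50"),
    }
    for name, (src, dst) in cases.items():
        print(f"{name:24}", evaluate(acl, "tcp", src, 40000, dst, 23))
    # An interface address left out of the list stays reachable by telnet.
    partial = build_acl(MGMT_NET, SWITCH_IPS[:1])
    print("missed interface:", evaluate(partial, "tcp", "172.16.5.9", 40000, "10.2.2.1", 23))
    # Reversed order: the broad deny matches first and locks the admin out.
    print("reversed order:", evaluate(acl[::-1], "tcp", "192.168.0.25", 40000, "10.1.1.1", 23))
```

Because the switch's interface addresses change often, the rule list has to be regenerated whenever one is added or renumbered; the "missed interface" case shows what happens otherwise.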

