jezzar
asked on
Extreme - Telnet Access List
I'm looking to create an access list to lock down telnet access to my Summit48i.
What's confusing me though, is because it is in layer 3 mode, there are a number of different IP addresses which I change often.
Is there a way of locking down ALL telnet traffic to, say, 192.168.0/24 for ALL ports on the switch, but not affecting traffic which is simply being routed through it?
ASKER
It's an Extreme Switch
If it is a Layer 2 switch then it is impossible to block traffic on TCP port-based criteria. If it is a Layer 3 switch (router), check the manual for how to apply an ACL on it. What exact model?
ASKER
It's layer three. 48si.
On a suddenly more important note, erm... any idea what to do if you forget the admin password?
>dumb<
What box do you have? Cisco? If so, try to assign the following ACL to the interface where you expect the attack:
access-list 120 deny tcp any 192.168.0.0 0.0.0.255 eq 23
access-list 120 permit ip any any
So it will block any telnet traffic from anywhere to any machine on 192.168.0.X network but will allow everything else.
Regards
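The two ACL lines from the answer above, evaluated against packets, as an added example that is not part of the original thread: a small Python model of Cisco extended-ACL first-match and wildcard-mask semantics. The function names are hypothetical, and the parser handles only the `any`, `host A`, `A WILDCARD` and `eq <port>` forms.

```python
import ipaddress

# ACL text copied from the answer above; everything else is illustrative.
ACL_120 = """\
access-list 120 deny tcp any 192.168.0.0 0.0.0.255 eq 23
access-list 120 permit ip any any
"""
ANY = (0, 0xFFFFFFFF)  # every bit is "don't care"

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (ip_int(tokens.pop(0)), 0)
    return (ip_int(first), ip_int(tokens.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        t = line.split()
        if t[:1] != ["access-list"]:
            continue
        t = t[2:]  # drop 'access-list <number>'
        action, proto = t.pop(0), t.pop(0)
        src, dst = take_addr(t), take_addr(t)
        dport = int(t[1]) if t[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, dport))
    return rules

def addr_match(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are ignored; the remaining bits must be equal.
    return (ip_int(addr) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    for action, r_proto, r_src, r_dst, r_dport in rules:  # first match wins
        if r_proto not in ("ip", proto) or (r_dport is not None and r_dport != dport):
            continue
        if addr_match(src, r_src) and addr_match(dst, r_dst):
            return action
    return "deny"  # implicit deny that ends every Cisco ACL

RULES = parse(ACL_120)
```

Calling `evaluate(RULES, "tcp", "10.9.9.9", "192.168.0.5", 23)` with a constructed packet returns `deny`, while the same packet to `192.168.1.5` or to port 22 returns `permit`. The match is on destination address only, so a telnet session from `192.168.0.10` out to another network is also permitted.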