We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 588 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

312 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:


Forum Replies

  1. Hi Rene,

    I think telnet traffic filter in line vty NOT per interface ? correct me if I wrong.

  2. Thanks for answer,

    I was in doubt so I did a test in a LAB
    In the LAB I deny telnet connection instead of permit it and when I apply the access list on the interface the telnet connection is permitted and when apply it on the vty the telnet connection is denied, can you please test it and give me feedback ???

  3. Hi @hussien.samer,

    It’s working fine here:

    R2(config)#ipv6 access-list R1_TRAFFIC   
    R2(config-ipv6-acl)#deny tcp any any eq telnet
    R2(config-ipv6-acl)#permit any any
    
    R2(config)#interface GigabitEthernet 2
    R2(config-if)#ipv6 traffic-filter R1_TRAFFIC in
    

    This blocks telnet traffic and permits everything else:

    R1#telnet 2001:DB8:0:12::2
    Trying 2001:DB8:0:12::2 ... 
    % Connection timed out; remote host not responding
    
    R1#ping 2001:DB8:0:12::2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2001:DB8:0:12::2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
    

    You can see the matches here:

    R2#show access-lists 
    IPv6 access list R1_TRAFFIC
        deny tcp any any eq telnet (8 matches) sequence 10
        permit ipv6 any any (13 matches) sequence 20
  4. Hi Rene,

    when I tried it in my IOL with eve-ng it’s not working ?? weird thing

  5. I tested this on Cisco VIRL. You might also want to try it on some real hardware…could be a IOL quirk :slight_smile:

6 more replies! Ask a question or join the discussion by visiting our Community Forum