  • Content created by Rene Molenaar (CCIE #41726)

 

Forum Replies

  1. andrew says:

    Palani,
    That's right--the 3 statements will not appear with a show access-list command.

  2. Hi Rene,

    I think the telnet traffic filter is applied on the line vty, NOT per interface? Correct me if I'm wrong.

  3. Hi @hussien.samer

    Adding an access-list on the interface that blocks telnet traffic will work. Adding it on the VTY is easier if you want to block telnet traffic, no matter on what interface you receive it:

    line vty 0 4
     ipv6 access-class R1_TRAFFIC in

  4. Thanks for the answer,

    I was in doubt, so I did a test in a lab.
    In the lab I deny the telnet connection instead of permitting it. When I apply the access list on the interface, the telnet connection is permitted, and when I apply it on the vty, the telnet connection is denied. Can you please test it and give me feedback?

  5. Hi @hussien.samer,

    It’s working fine here:

    R2(config)#ipv6 access-list R1_TRAFFIC   
    R2(config-ipv6-acl)#deny tcp any any eq telnet
    R2(config-ipv6-acl)#permit any any
    
    R2(config)#interface GigabitEthernet 2
    R2(config-if)#ipv6 traffic-filter R1_TRAFFIC in
    

    This blocks telnet traffic and permits everything else:

    R1#telnet 2001:DB8:0:12::2
    Trying 2001:DB8:0:12::2 ... 
    % Connection timed out; remote host not responding
    
    R1#ping 2001:DB8:0:12::2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2001:DB8:0:12::2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
    

    You can see the matches here:

    R2#show access-lists 
    IPv6 access list R1_TRAFFIC
        deny tcp any any eq telnet (8 matches) sequence 10
        permit ipv6 any any (13 matches) sequence 20
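
The difference between the two placements discussed in replies 3 and 5 can be checked offline against a saved configuration. The following is an added example, not code from the lesson or from any forum participant: the function names, the second interface and its address are constructed, and it assumes the named ACL denies telnet as in reply 5 (it does not inspect the ACL entries).

```python
# Constructed sample running-config; only Gi2 carries the traffic-filter.
SAMPLE_CONFIG = """\
ipv6 access-list R1_TRAFFIC
 deny tcp any any eq telnet
 permit ipv6 any any
!
interface GigabitEthernet1
 ipv6 address 2001:DB8:0:13::2/64
!
interface GigabitEthernet2
 ipv6 address 2001:DB8:0:12::2/64
 ipv6 traffic-filter R1_TRAFFIC in
!
line vty 0 4
 transport input telnet
"""

def parse_sections(config):
    """Split an IOS-style config into {header line: [indented child lines]}."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            current = None
        elif line[0] != " ":
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_telnet_filtering(config, acl):
    """Report where `acl` is applied inbound and which paths stay unfiltered."""
    sections = parse_sections(config)
    filt = f"ipv6 traffic-filter {acl} in"
    vty_rule = f"ipv6 access-class {acl} in"
    ifaces = {h.split(None, 1)[1]: body for h, body in sections.items()
              if h.startswith("interface ")
              and any(l.startswith("ipv6 address") for l in body)}
    vtys = {h: body for h, body in sections.items() if h.startswith("line vty")}
    open_vtys = sorted(h for h, body in vtys.items() if vty_rule not in body)
    unfiltered = sorted(n for n, body in ifaces.items() if filt not in body)
    return {
        "filtered_interfaces": sorted(n for n, b in ifaces.items() if filt in b),
        "unfiltered_interfaces": unfiltered,
        "vty_without_access_class": open_vtys,
        # Telnet still reaches the router only if both layers leave a gap.
        "telnet_exposed_via": unfiltered if open_vtys else [],
    }
```

With the sample as written, the report lists GigabitEthernet1 as an exposed path; adding `ipv6 access-class R1_TRAFFIC in` under `line vty 0 4` empties that list without touching any interface.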
