
subnet mask

20 years 3 months ago #2427 by MaXiMuS
Replied by MaXiMuS on topic Re: subnet mask
hi
first of all, i don't know y have u flooded the forum with the same message... and yes, to answer ur question, access lists are meant for either the incoming traffic or the outgoing one, with respect to the router. if u say "in", it means the access list is effective on the incoming traffic. So if u wanna stop telnet traffic into the router u simply define an incoming access list.

i hope this turns out to be helpful... :P
20 years 3 months ago #2430 by sahirh
Replied by sahirh on topic Re: subnet mask
First off, he probably multiple posted because the site gave a couple of errors.. we're working on fixing this. Till then tfs and I will clean things up.

Anyway, think about what direction you're filtering traffic.. you're filtering traffic coming IN to the router... so that's why you filter telnet there. However I don't see why you're using access-group.. that would apply to the other interfaces.. if you're configuring the telnet access to the router you'd do something like this

line vty 0 4
access-class 10 in
login

or something similar.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
20 years 3 months ago #2439 by indebluez
Replied by indebluez on topic Re: subnet mask
hi guys...yes i get it now....i guess i was havin a mental block...
no telnet traffic INTO the router...so we need both interfaces...

i have one more qn...on telnet
when we type in the cmd window....

line vty 0 4
login
password cisco

OR
line vty 0 4
password cisco
login

are they both the same? why password n login?
20 years 3 months ago #2443 by sahirh
Replied by sahirh on topic Re: subnet mask
'login' tells the router to ask for logins
'password' sets the telnet password to be used.
By default with no password set, the router is 'no login' and will not allow telnet access.

You apply 'access-class' to the vty interfaces as opposed to 'access-group' which you apply to all the other interfaces (eth, bri, serial etc etc)

You have Lammle's book? It should be given quite simply in there. Btw the telnet labs are really really easy and a quick way to score marks simply because it involves so little configuration.. you don't have to worry about IP addressing, or calculating the right masks etc which you'll have to do on a troubleshooting or RIP lab.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
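
An added example, not posted by anyone in this thread: a small Python check that reads an IOS configuration and reports, for each 'line vty' block, whether an inbound access-class is applied and how login and password are set. The function name audit_vty and the sample configuration are constructed for illustration, and the parser assumes running-config style indentation (sub-commands start with a space).

```python
import re

# Constructed sample config (not the routers from this thread):
# vty 0 4 is restricted with access-class, vty 5 15 is not.
SAMPLE = """\
access-list 10 permit 192.168.149.0 0.0.0.255
access-list 101 permit ip any any
interface Ethernet0
 ip access-group 101 in
line vty 0 4
 access-class 10 in
 password cisco
 login
line vty 5 15
 password cisco
 login
"""

def audit_vty(config):
    """Return {vty range: [findings]} for every 'line vty' block."""
    # ACL numbers or names that are defined somewhere in the config.
    defined = set(re.findall(
        r"^(?:ip )?access-list (?:standard |extended )?(\S+)", config, re.M))
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):      # a top-level command opens a new section
            current = None
            if re.match(r"line vty \d+(?: \d+)?\s*$", raw):
                current = blocks.setdefault(raw.strip()[len("line "):], [])
        elif current is not None:        # sub-command of the current vty block
            current.append(raw.strip())
    report = {}
    for name, cmds in blocks.items():
        findings = []
        acl = next((c.split()[1] for c in cmds
                    if re.match(r"access-class \S+ in$", c)), None)
        if acl is None:
            findings.append("no inbound access-class")
        elif acl not in defined:
            findings.append(f"access-class {acl} references an undefined list")
        if "no login" in cmds:
            findings.append("no login: sessions are accepted without a password")
        elif "login" in cmds and not any(c.startswith("password ") for c in cmds):
            findings.append("login without a password: telnet is refused")
        report[name] = findings
    return report

if __name__ == "__main__":
    for vty, findings in audit_vty(SAMPLE).items():
        print(vty, "->", findings or "ok")
```

The 'ip access-group 101 in' under Ethernet0 is ignored on purpose: it filters traffic through that interface, while only 'access-class' on the vty lines controls who may telnet to the router itself.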
20 years 3 months ago #2449 by indebluez
Replied by indebluez on topic access-list
hi guys...jus one more qn..
this ones from testking...n i am incredibly confused..
the qn says to block telnet access into router 1 and allow everythin else...

routerA s0 ---- s1 routerB s0 ---- s1 routerC
  e0                 e0                 e0

routerA
e0 192.168.149.1
s0 192.168.199.1

routerB
e0 192.168.155.1
s0 192.168.11.1
s1 192.168.199.2

routerC
e0 192.168.165.1
192.168.11.2

so i think it should be somethin like this
access-list 101 deny tcp any 192.168.149.1 0.0.0.0 eq telnet
access-list 101 deny tcp any 192.168.199.1 0.0.0.0 eq telnet
access-list 101 permit ip any any
interface ethernet 0
ip access-group 101 in
interface serial 0
ip access-group 101 in

but the sol provided gives something like this..
it denies destination address of 192.168.171.1
and 204.1....
anyone plz help....thnx a mil
20 years 3 months ago #2454 by sahirh
Replied by sahirh on topic Re: subnet mask
Could you post the actual question, or a link to it, because it doesn't seem to make any sense.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com