Cisco 300-410: Stopping Console Logs While Denying Telnet in Cisco Router Configuration

Discover the right action to stop detailed console logs while still denying Telnet access in a Cisco router configuration. Learn the optimal access list modification to achieve this.

Question

An engineer configured a router with this configuration:

ip access-list DENY_TELNET
10 deny tcp any any eq 23 log-input

The router console starts receiving the log message “%SEC-6-IPACCESSLOGP: list DENY_TELNET denied tcp 192.168.1.10(10222) (FastEthernet1/0 D508.89gb.003f) -> 192.168.2.20(23), 1 packet”. Which action stops messages on the console while still denying Telnet?

A. Remove log-input keyword from the access list.
B. Configure a 20 permit ip any any log-input command.
C. Configure a 20 permit ip any any command.
D. Replace log-input keyword with the log keyword in the access list.

Answer

A. Remove log-input keyword from the access list.

Explanation

The appropriate action to stop the log messages on the console while still denying Telnet is to replace the “log-input” keyword with the “log” keyword in the access list.

The “log-input” keyword in the access list configuration “ip access-list DENY_TELNET 10 deny tcp any any eq 23 log-input” causes the router to log detailed information about the denied Telnet traffic, including the input interface and source MAC address. As a result, the log message “%SEC-6-IPACCESSLOGP: list DENY_TELNET denied tcp 192.168.1.10(10222) (FastEthernet1/0 D508.89gb.003f) -> 192.168.2.20(23), 1 packet” is displayed on the console.

To stop these detailed log messages while still denying Telnet traffic, the “log-input” keyword should be replaced with the “log” keyword. The revised access list configuration would be:

ip access-list DENY_TELNET
10 deny tcp any any eq 23 log

This will still log the denied Telnet traffic, but without the detailed information about the input interface and source MAC address, reducing the console output.
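
The two message shapes the explanation contrasts, the log-input form with ingress interface and source MAC and the plain log form without them, can be handled by one parser on the syslog collector. This is an added example, not part of the original question; the function names are hypothetical, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# One pattern for both message shapes: `log-input` adds "(interface MAC)" after
# the source socket, plain `log` omits it. Spaces around the protocol and "->"
# are optional so lines that lost whitespace in transit still parse.
ACL_HIT = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>[a-z]+) ?(?P<src>[\d.]+)\((?P<sport>\d+)\)"
    r"(?: \((?P<in_if>\S+) (?P<src_mac>[^\s)]+)\))?"
    r" ?-> ?(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<packets>\d+) packets?"
)

def parse_acl_hit(line):
    """Return the message fields as a dict, or None if the line is not an ACL hit."""
    m = ACL_HIT.search(line)
    if not m:
        return None
    hit = m.groupdict()  # in_if and src_mac are None for the plain `log` form
    for key in ("sport", "dport", "packets"):
        hit[key] = int(hit[key])
    return hit

def denied_by_source(lines, dport=23):
    """Sum denied packets per source IP for one destination port (Telnet by default)."""
    totals = Counter()
    for line in lines:
        hit = parse_acl_hit(line)
        if hit and hit["action"] == "denied" and hit["dport"] == dport:
            totals[hit["src"]] += hit["packets"]
    return totals

SAMPLE = [
    # Message from the question (log-input form), with spacing restored.
    "%SEC-6-IPACCESSLOGP: list DENY_TELNET denied tcp 192.168.1.10(10222) "
    "(FastEthernet1/0 D508.89gb.003f) -> 192.168.2.20(23), 1 packet",
    # Constructed: a hit on the same entry as the plain `log` keyword reports it.
    "%SEC-6-IPACCESSLOGP: list DENY_TELNET denied tcp 192.168.1.10(10223) "
    "-> 192.168.2.20(23), 4 packets",
    # Constructed: unrelated syslog line, ignored by the parser.
    "%LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_acl_hit(line))
    print(dict(denied_by_source(SAMPLE)))
```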
