From: Tim Carter (tcarter@xxxxxxxxx)
Date: Mon Oct 11 1999 - 22:19:27 GMT-3
You need a couple of things:
User authentication section:
username joeccie password 0 cisco
username joeccie autocommand access-enable host timeout 15
an access list:
access-list 151 permit tcp any host 10.1.1.1 eq telnet
access-list 151 dynamic allowjoe permit tcp any 10.1.2.0 0.0.0.255 eq telnet
access-list 151 permit igrp any any
access-list 151 permit ospf any any
access-list 151 permit icmp any any
Apply the access list to the interface that the user will telnet to:
int e0
ip address 10.1.1.1 255.255.255.0
ip access-group 151 in
int e1
ip address 10.1.2.1 255.255.255.0
Also, configure authentication for local login:
line vty 0 4
login local
When the user telnets to 10.1.1.1 they are challenged for a password. If
the password is validated it will open the dynamic access-list for the
specified time in the timeout command (above example 15 minutes). The user
will be dropped and they can then telnet to the 10.1.2.X network for 15
minutes...
Hope this helps
Tim Carter
24 hours and going fast...
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Denton Bobeldyk
> Sent: Monday, October 11, 1999 7:28 PM
> To: groupstudy
> Subject: Dynamic Access Lists
>
>
> I'm having trouble configuring dynamic access lists and what exactly
> they're
> supposed to do, does anybody have a working config that they might be
> able to explain to me?
>
> Thanks!
>
> -Denny
>
> 36 hours to go...
>
> -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
> Denton Bobeldyk MCNE, CCDA, CCNA, CCSI
> Email: denny@kentwoodps.org
> Phone: 616-530-9196
>
> Master CNE - Connectivity
> Cisco Certified Design Associate
> Cisco Certified Network Associate
> Cisco Certified Systems Instructor
>
>
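Added example (not part of the original thread): a small Python model of how access-list 151 above treats inbound traffic on e0 before and after the user authenticates. The host addresses 10.1.1.50, 10.1.1.60 and 10.1.2.7 are constructed, time is counted in whole minutes, and the model assumes the `access-enable` timeout is an idle timer that matching traffic resets.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    # Cisco wildcard mask: 1-bits are "don't care" bits
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

class Acl151:
    """Simplified model of access-list 151 from the post, inbound on e0."""
    def __init__(self, idle_minutes=15):        # 'timeout 15' on access-enable
        self.idle = idle_minutes
        self.temp = {}                          # source host -> minute last matched

    def access_enable(self, src, now):
        # 'access-enable host': temporary entry for the authenticated source only
        self.temp[src] = now

    def permits(self, proto, src, dst, dport, now):
        # permit tcp any host 10.1.1.1 eq telnet
        if proto == "tcp" and dst == "10.1.1.1" and dport == 23:
            return True
        # dynamic allowjoe permit tcp any 10.1.2.0 0.0.0.255 eq telnet
        if proto == "tcp" and dport == 23 and wc_match(dst, "10.1.2.0", "0.0.0.255"):
            last = self.temp.get(src)
            if last is not None and now - last < self.idle:
                self.temp[src] = now            # matching traffic resets the idle timer
                return True
            self.temp.pop(src, None)            # never created, or idled out
        # permit igrp / ospf / icmp any any; everything else hits the implicit deny
        return proto in ("igrp", "ospf", "icmp")

def demo():
    acl = Acl151()
    user, other, target = "10.1.1.50", "10.1.1.60", "10.1.2.7"   # constructed hosts
    results = [acl.permits("tcp", user, target, 23, now=0)]      # before login
    acl.access_enable(user, now=1)                               # joeccie logs in
    results.append(acl.permits("tcp", user, target, 23, now=2))  # authenticated host
    results.append(acl.permits("tcp", other, target, 23, now=2)) # different source
    results.append(acl.permits("tcp", user, target, 80, now=3))  # not telnet
    results.append(acl.permits("tcp", user, target, 23, now=30)) # idle > 15 minutes
    return results

if __name__ == "__main__":
    print(demo())
```

Only the second check is permitted: the temporary entry covers the authenticated source host and telnet alone, and it disappears once that host has been idle past the timeout.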