From: Joel W. Ekis (jekis@xxxxxxxxx)
Date: Tue Feb 29 2000 - 21:19:14 GMT-3
Here's the config I used to practice with:

Dynamic

username jim password foo
username jim autocommand access-enable
username mary password foo2
access-list 100 permit tcp any host 10.1.1.2 eq telnet
access-list 100 dynamic <name> timeout 60 permit tcp any host 1.1.1.1 eq www
line vty 0 4
 login local

Jim can telnet to this router (10.1.1.2). He will authenticate with foo.
Once authenticated, Jim will be disconnected and the dynamic list will open and
allow web access to 1.1.1.1 for 5 minutes. Mary can establish a telnet session
with the router (10.1.1.2) and gain enable access. Apply this list to the
interface that Jim will use when establishing the telnet session.
Joel, CCIE# 5649
At 11:21 PM 2/29/2000 -0800, Khurram Khani wrote:
>
> I am just trying the Lock-and-Key: Dynamic Access Lists.
>
> access-list 101 dynamic testlist permit icmp any any
> access-list 101 dynamic testlist permit tcp any any eq telnet
> access-list 101 permit tcp any host 11.1.1.1 eq telnet
> access-list 101 deny tcp any any
> access-list 101 deny ip any any
>
> The problem is, only the 1st list is accepted when a user comes in
> and gives the instruction. This means the user is able to TELNET to
> ANY but not ICMP to ANY.
>
> user-isdn>access-enable host timeout 10
> user-isdn>exit
> Connection closed by foreign host.
>
>
> I just have these 4 URLs on CCO to study. Is there
> any other descriptive article also available on Lock and Key
> to study on CCO?
>
> http://www.cisco.com/warp/public/69/13.html
> http://www.cisco.com/warp/public/cc/cisco/mkt/security/auth/tech/landk_wp.htm
> http://www.cisco.com/warp/public/116/15.html
> http://www.cisco.com/warp/public/129/19.html
>
> Please advise
>
> Thanks
> KHURRAM KHANI
> -----
> EMIRATES TELECOMMUNICATIONS CORP - ETISALAT
>
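An added example, not part of either message in this thread: a small Python audit that runs over the two configurations quoted above and flags three lock-and-key conditions described in Cisco's documentation (IOS refers only to the first dynamic entry in an access list; access-enable without the host keyword does not limit the temporary entry to the authenticating address; a dynamic entry with no absolute timeout depends on the idle timeout given to access-enable). The function name and finding names are made up for this example.

```python
import re

# Both configurations are copied from the messages in this thread.
JOEL_CFG = """\
username jim password foo
username jim autocommand access-enable
username mary password foo2
access-list 100 permit tcp any host 10.1.1.2 eq telnet
access-list 100 dynamic <name> timeout 60 permit tcp any host 1.1.1.1 eq www
"""
KHURRAM_CFG = """\
access-list 101 dynamic testlist permit icmp any any
access-list 101 dynamic testlist permit tcp any any eq telnet
access-list 101 permit tcp any host 11.1.1.1 eq telnet
access-list 101 deny tcp any any
access-list 101 deny ip any any
"""

DYN = re.compile(
    r"access-list\s+(\d+)\s+dynamic\s+\S+(?:\s+timeout\s+(\d+))?\s+(?:permit|deny)\b")
AUTO = re.compile(r"username\s+(\S+)\s+autocommand\s+access-enable\b(.*)")

def audit_lock_and_key(config):
    """Return sorted (finding, subject) pairs for a lock-and-key config."""
    dynamic = {}  # ACL number -> absolute timeout of each dynamic entry, in order
    findings = set()
    for line in map(str.strip, config.splitlines()):
        if m := DYN.match(line):
            dynamic.setdefault(m.group(1), []).append(m.group(2))
        elif m := AUTO.match(line):
            if "host" not in m.group(2).split():
                # Without "host" the temporary entry is not limited to the
                # address the user authenticated from.
                findings.add(("ACCESS_ENABLE_WITHOUT_HOST", m.group(1)))
    for acl, timeouts in dynamic.items():
        if len(timeouts) > 1:
            # IOS refers only to the first dynamic entry in an access list.
            findings.add(("MULTIPLE_DYNAMIC_ENTRIES", acl))
        if timeouts[0] is None:
            # No absolute timeout: expiry depends on the idle timeout given
            # to access-enable, if any.
            findings.add(("NO_ABSOLUTE_TIMEOUT", acl))
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("Joel", JOEL_CFG), ("Khurram", KHURRAM_CFG)):
        print(name, audit_lock_and_key(cfg))
```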
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:54 GMT-3