RE: Lock&key access-list idle timeout

From: Devender Singh (devender.singh@xxxxxxxxxxxxxx)
Date: Sun Feb 18 2001 - 21:24:28 GMT-3


   
Les,

This is the time I return your $0.02 out of the $0.06 I collected.

Remember the access-list command for BGP which you are not sure about. The
second one will not work. I had this problem, and debugging showed the
packets originated from port 179.
To confirm this do "debug ip tcp trans" I think.

Cheers

Devender Singh
BE(Hons), CCNP
IP Solution Specialist

-----Original Message-----
From: Les Hardin [mailto:hardinl@bah.com]
Sent: Sunday, 18 February 2001 1:07
To: zhuqingliu; ccielab@groupstudy.com
Subject: Re: Lock&key access-list idle timeout

Perry,

Personally, I would simplify the below config to remove the timeout on the
vty. I would also use login local and get rid of the pass cisco under the
vty. Like so:

username zql password 0 liming
!
access-list 168 permit tcp any host 132.3.3.3 eq telnet
access-list 168 permit ospf any any
access-list 168 permit tcp any eq bgp any <---not sure why you need this if you have it covered in next line?
access-list 168 permit tcp any any eq bgp
access-list 168 permit tcp any eq 2065 any
access-list 168 permit tcp any any eq 2065
access-list 168 dynamic testlist timeout 15 permit ip any any
!
line vty 0 4
  login local
  autocommand access-enable

int ser0
ip access-group 168 in

The user would log in using zql with password liming.
My $0.02.

Les

At 10:16 AM 2/12/2001 +0800, zhuqingliu wrote:
>Hi, all
>
> The lock&key access-list idle timeout doesn't take effect.
>===========================================
>username zql password 0 liming
>!
>access-list 168 permit tcp any host 132.3.3.3 eq telnet
>access-list 168 permit ospf any any
>access-list 168 permit tcp any eq bgp any
>access-list 168 permit tcp any any eq bgp
>access-list 168 permit tcp any eq 2065 any
>access-list 168 permit tcp any any eq 2065
>access-list 168 dynamic testlist timeout 15 permit ip any any
>!
>line vty 0 4
> password cisco
> autocommand access-enable host timeout 3
>===========================================
>The dynamic access list will timeout within 3 minutes.
>
>IOS version is: 12.0(14)
>
>
>
>Best regards
>Perry.Zhu
>
>
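
Added example (not part of the original messages): a small Python model of the static TCP entries of access-list 168 applied inbound on ser0. It shows why the thread's two BGP lines are not redundant: when the local router opens the session, the neighbor's packets arrive with source port 179. The addresses and ephemeral ports are constructed sample values.

```python
# Added example: models only the static TCP entries of access-list 168.
# "permit ospf any any" is not TCP, and the dynamic entry stays inactive
# until a user authenticates, so both are left out.
from dataclasses import dataclass
from typing import Optional

BGP = 179

@dataclass(frozen=True)
class Entry:
    """permit tcp any [eq sport] <any | host dst> [eq dport]"""
    sport: Optional[int] = None   # None means no source-port test
    dport: Optional[int] = None   # None means no destination-port test
    dst: Optional[str] = None     # None means "any"

    def matches(self, pkt: dict) -> bool:
        return ((self.sport is None or pkt["sport"] == self.sport)
                and (self.dport is None or pkt["dport"] == self.dport)
                and (self.dst is None or pkt["dst"] == self.dst))

def permitted(acl, pkt) -> bool:
    # Every modelled entry is a permit, so any match permits the packet;
    # no match means the implicit deny at the end of the list applies.
    return any(e.matches(pkt) for e in acl)

ACL_168 = [
    Entry(dport=23, dst="132.3.3.3"),  # permit tcp any host 132.3.3.3 eq telnet
    Entry(sport=BGP),                  # permit tcp any eq bgp any
    Entry(dport=BGP),                  # permit tcp any any eq bgp
    Entry(sport=2065),                 # permit tcp any eq 2065 any
    Entry(dport=2065),                 # permit tcp any any eq 2065
]
# Same list with the source-port BGP line removed.
ACL_DST_ONLY = [e for e in ACL_168 if e != Entry(sport=BGP)]

# Constructed packets arriving inbound on ser0 from a BGP neighbor.
LOCAL, PEER = "10.0.0.1", "10.0.0.2"   # constructed addresses
INBOUND = {
    # neighbor opened the session: it connects to our port 179
    "peer_opened": {"src": PEER, "dst": LOCAL, "sport": 11002, "dport": BGP},
    # we opened the session: the neighbor answers from its port 179
    "local_opened": {"src": PEER, "dst": LOCAL, "sport": BGP, "dport": 11003},
}

def bgp_check(acl) -> dict:
    return {name: permitted(acl, pkt) for name, pkt in INBOUND.items()}

if __name__ == "__main__":
    print("both BGP lines:", bgp_check(ACL_168))
    print("dest-port line only:", bgp_check(ACL_DST_ONLY))
```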