From: McCallum, Robert (Robert.McCallum@xxxxxxxxxxxxxxxxxx)
Date: Sun Feb 03 2002 - 11:09:21 GMT-3
Yes,
put in the command
username atul autocommand access-enable timeout 5 (minutes)
I would also advise you to change your dynamic access list to include a suitable timeout. But it should still work without it.
-----Original Message-----
From: atul pawar [mailto:atulpawar@hotmail.com]
Sent: 03 February 2002 14:02
To: Robert.McCallum@let-it-be-thus.com; ccielab@groupstudy.com
Subject: RE: lock and key access list problem
Here is the config
ts# sh ru
%SYS-5-CONFIG_I: Configured from console by consolen
Building configuration...
Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname ts
!
enable secret 5 $1$NP0M$H13nSc3ZfP4/Zcy5Lxr7C/
enable password password
!
username atul password 0 cisco
no ip domain-lookup
ip host r1 2001 1.1.1.1
ip host r2 2002 1.1.1.1
ip host r3 2003 1.1.1.1
ip host fs 2004 1.1.1.1
ip host r4 2005 1.1.1.1
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Loopback3
ip address 150.100.1.1 255.255.0.0
no ip directed-broadcast
!
interface Loopback4
ip address 160.100.1.1 255.255.0.0
no ip directed-broadcast
!
interface Loopback5
ip address 170.100.1.1 255.255.0.0
no ip directed-broadcast
!
interface Ethernet0
ip address 172.17.59.19 255.255.255.240
ip access-group 130 in
no ip mroute-cache
no cdp enable
!
interface Serial0
ip address 6.1.1.2 255.0.0.0
no ip mroute-cache
no fair-queue
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
router ospf 100
network 172.17.59.0 0.0.0.15 area 2
network 6.0.0.0 0.255.255.255 area 2
!
router bgp 100
bgp always-compare-med
network 150.100.0.0
network 160.100.0.0
network 170.100.0.0
network 172.17.59.19 mask 255.255.255.240
neighbor 6.1.1.1 remote-as 200
neighbor 172.17.59.18 remote-as 200
!
ip classless
access-list 130 permit tcp any any eq bgp
access-list 130 dynamic firewall timeout 100 permit ip any any
access-list 130 permit tcp any host 170.100.1.1 eq telnet
!
!
line con 0
exec-timeout 0 0
line 1 8
transport input all
line aux 0
line vty 0 4
login local
autocommand access-enable timeout 5
!
end
ts#1
[Resuming connection 1 to r1 ... ]
r1#telnet 170.100.1.1
Trying 170.100.1.1 ... Open
User Access Verification
Username: atul
Password:
List#130-firewall already contains this IP address pair
[Connection to 170.100.1.1 closed by foreign host]
r1#
ts#sh run
Building configuration...
Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname ts
!
enable secret 5 $1$NP0M$H13nSc3ZfP4/Zcy5Lxr7C/
enable password password
!
username atul password 0 cisco
no ip domain-lookup
ip host r1 2001 1.1.1.1
ip host r2 2002 1.1.1.1
ip host r3 2003 1.1.1.1
ip host fs 2004 1.1.1.1
ip host r4 2005 1.1.1.1
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Loopback3
ip address 150.100.1.1 255.255.0.0
no ip directed-broadcast
!
interface Loopback4
ip address 160.100.1.1 255.255.0.0
no ip directed-broadcast
!
interface Loopback5
ip address 170.100.1.1 255.255.0.0
no ip directed-broadcast
!
interface Ethernet0
ip address 172.17.59.19 255.255.255.240
ip access-group 130 in
no ip mroute-cache
no cdp enable
!
interface Serial0
ip address 6.1.1.2 255.0.0.0
no ip mroute-cache
no fair-queue
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
router ospf 100
network 172.17.59.0 0.0.0.15 area 2
network 6.0.0.0 0.255.255.255 area 2
!
router bgp 100
bgp always-compare-med
network 150.100.0.0
network 160.100.0.0
network 170.100.0.0
network 172.17.59.19 mask 255.255.255.240
neighbor 6.1.1.1 remote-as 200
neighbor 172.17.59.18 remote-as 200
!
ip classless
access-list 130 permit tcp any any eq bgp
access-list 130 dynamic firewall timeout 100 permit ip any any
access-list 130 permit tcp any host 170.100.1.1 eq telnet
!
!
line con 0
exec-timeout 0 0
line 1 8
transport input all
line aux 0
line vty 0 4
login local
autocommand access-enable timeout 5
!
end
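An added example, not part of the original thread: a small Python check of the lock-and-key lines in an IOS configuration, run over the posted settings and over a revision that uses the per-user autocommand from the reply. The finding names, the `REVISED` sample and its `host` keyword are assumptions of this example; the checks follow documented `access-enable` behaviour (without `host` the temporary entry is not limited to the authenticating host, and the idle timeout should be lower than the dynamic entry's absolute timeout).

```python
import re

# Constructed samples. POSTED holds the lock-and-key lines from the config above,
# indented as IOS prints them. REVISED uses the per-user autocommand from the
# reply plus the "host" keyword, which is an assumption of this example.
POSTED = """\
access-list 130 dynamic firewall timeout 100 permit ip any any
access-list 130 permit tcp any host 170.100.1.1 eq telnet
line vty 0 4
 login local
 autocommand access-enable timeout 5
"""
REVISED = """\
username atul autocommand access-enable host timeout 5
access-list 130 dynamic firewall timeout 100 permit ip any any
line vty 0 4
 login local
"""

DYNAMIC = re.compile(r"^access-list \d+ dynamic \S+(?: timeout (\d+))? .+$")
ENABLE = re.compile(r"autocommand access-enable( host)?(?: timeout (\d+))?\s*$")

def audit_lock_and_key(config):
    """Return sorted finding names (hypothetical labels) for an IOS config."""
    findings, absolute, idle, section = set(), [], [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            section = line  # an unindented command starts a new section
        dyn = DYNAMIC.match(line)
        if dyn and dyn.group(1) is None:
            findings.add("no-absolute-timeout")  # entry has no hard expiry
        elif dyn:
            absolute.append(int(dyn.group(1)))
        en = ENABLE.search(line)
        if not en:
            continue
        if en.group(1) is None:
            findings.add("no-host-keyword")  # entry not limited to the caller
        if en.group(2) is None:
            findings.add("no-idle-timeout")
        else:
            idle.append(int(en.group(2)))
        if section.startswith("line vty"):
            findings.add("autocommand-on-vty-lines")  # runs for every login there
    if absolute and idle and max(idle) >= min(absolute):
        findings.add("idle-not-below-absolute")  # idle timer can never fire first
    return sorted(findings)

if __name__ == "__main__":
    print("posted :", audit_lock_and_key(POSTED))
    print("revised:", audit_lock_and_key(REVISED))
```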