RE: lock and key access list problem

From: atul pawar (atulpawar@xxxxxxxxxxx)
Date: Sun Feb 03 2002 - 14:19:55 GMT-3


   
Tried but no luck... any more suggestions, guys?

>From: "McCallum, Robert" <Robert.McCallum@let-it-be-thus.com>
>To: 'atul pawar' <atulpawar@hotmail.com>, ccielab@groupstudy.com
>Subject: RE: lock and key access list problem
>Date: Sun, 3 Feb 2002 14:09:21 -0000
>
>Yes,
>
>put in the command
>
>username atul autocommand access-enable timeout 5 (minutes)
>
>I would also advise you to change your dynamic access list to include a
>suitable timeout. But it should still work without it.
>
>-----Original Message-----
>From: atul pawar [mailto:atulpawar@hotmail.com]
>Sent: 03 February 2002 14:02
>To: Robert.McCallum@let-it-be-thus.com; ccielab@groupstudy.com
>Subject: RE: lock and key access list problem
>
>
>Here is the config
>
>
>
>ts# sh ru
>%SYS-5-CONFIG_I: Configured from console by consolen
>Building configuration...
>
>Current configuration:
>!
>version 11.2
>no service password-encryption
>no service udp-small-servers
>no service tcp-small-servers
>!
>hostname ts
>!
>enable secret 5 $1$NP0M$H13nSc3ZfP4/Zcy5Lxr7C/
>enable password password
>!
>username atul password 0 cisco
>no ip domain-lookup
>ip host r1 2001 1.1.1.1
>ip host r2 2002 1.1.1.1
>ip host r3 2003 1.1.1.1
>ip host fs 2004 1.1.1.1
>ip host r4 2005 1.1.1.1
>!
>interface Loopback0
>ip address 1.1.1.1 255.0.0.0
>!
>interface Loopback3
>ip address 150.100.1.1 255.255.0.0
>no ip directed-broadcast
>!
>interface Loopback4
>ip address 160.100.1.1 255.255.0.0
>no ip directed-broadcast
>!
>interface Loopback5
>ip address 170.100.1.1 255.255.0.0
>no ip directed-broadcast
>!
>interface Ethernet0
>ip address 172.17.59.19 255.255.255.240
>ip access-group 130 in
>no ip mroute-cache
>no cdp enable
>!
>interface Serial0
>ip address 6.1.1.2 255.0.0.0
>no ip mroute-cache
>no fair-queue
>!
>interface Serial1
>no ip address
>no ip mroute-cache
>shutdown
>no cdp enable
>!
>router ospf 100
>network 172.17.59.0 0.0.0.15 area 2
>network 6.0.0.0 0.255.255.255 area 2
>!
>router bgp 100
>bgp always-compare-med
>network 150.100.0.0
>network 160.100.0.0
>network 170.100.0.0
>network 172.17.59.19 mask 255.255.255.240
>neighbor 6.1.1.1 remote-as 200
>neighbor 172.17.59.18 remote-as 200
>!
>ip classless
>access-list 130 permit tcp any any eq bgp
>access-list 130 dynamic firewall timeout 100 permit ip any any
>access-list 130 permit tcp any host 170.100.1.1 eq telnet
>!
>!
>line con 0
>exec-timeout 0 0
>line 1 8
>transport input all
>line aux 0
>line vty 0 4
>login local
>autocommand access-enable timeout 5
>!
>end
>
>ts#1
>[Resuming connection 1 to r1 ... ]
>
>r1#telnet 170.100.1.1
>Trying 170.100.1.1 ... Open
>
>
>User Access Verification
>
>Username: atul
>Password:
>List#130-firewall already contains this IP address pair
>[Connection to 170.100.1.1 closed by foreign host]
>r1#
>ts#sh run
>Building configuration...
>
>Current configuration:
>!
>version 11.2
>no service password-encryption
>no service udp-small-servers
>no service tcp-small-servers
>!
>hostname ts
>!
>enable secret 5 $1$NP0M$H13nSc3ZfP4/Zcy5Lxr7C/
>enable password password
>!
>username atul password 0 cisco
>no ip domain-lookup
>ip host r1 2001 1.1.1.1
>ip host r2 2002 1.1.1.1
>ip host r3 2003 1.1.1.1
>ip host fs 2004 1.1.1.1
>ip host r4 2005 1.1.1.1
>!
>interface Loopback0
>ip address 1.1.1.1 255.0.0.0
>!
>interface Loopback3
>ip address 150.100.1.1 255.255.0.0
>no ip directed-broadcast
>!
>interface Loopback4
>ip address 160.100.1.1 255.255.0.0
>no ip directed-broadcast
>!
>interface Loopback5
>ip address 170.100.1.1 255.255.0.0
>no ip directed-broadcast
>!
>interface Ethernet0
>ip address 172.17.59.19 255.255.255.240
>ip access-group 130 in
>no ip mroute-cache
>no cdp enable
>!
>interface Serial0
>ip address 6.1.1.2 255.0.0.0
>no ip mroute-cache
>no fair-queue
>!
>interface Serial1
>no ip address
>no ip mroute-cache
>shutdown
>no cdp enable
>!
>router ospf 100
>network 172.17.59.0 0.0.0.15 area 2
>network 6.0.0.0 0.255.255.255 area 2
>!
>router bgp 100
>bgp always-compare-med
>network 150.100.0.0
>network 160.100.0.0
>network 170.100.0.0
>network 172.17.59.19 mask 255.255.255.240
>neighbor 6.1.1.1 remote-as 200
>neighbor 172.17.59.18 remote-as 200
>!
>ip classless
>access-list 130 permit tcp any any eq bgp
>access-list 130 dynamic firewall timeout 100 permit ip any any
>access-list 130 permit tcp any host 170.100.1.1 eq telnet
>!
>!
>line con 0
>exec-timeout 0 0
>line 1 8
>transport input all
>line aux 0
>line vty 0 4
>login local
>autocommand access-enable timeout 5
>!
>end
>


