From: Jaspreet Bhatia (jasbhati@xxxxxxxxx)
Date: Wed Apr 17 2002 - 19:10:23 GMT-3
Folks,
I have a question about the functionality of the Lock and Key ACLs.
According to the limited understanding I have of Lock and Key ACLs, when I
enable lock and key on a particular router it is not possible to telnet to
that router, but it is possible to telnet to routers beyond it. Someone has
suggested a method (which allows telnet to the router having the lock and key
ACL) which I have tried out and it works. The config is
# username jas password cisco
# username jas1 password cisco
# username jas autocommand access-enable timeout 5
# access-list 101 permit eigrp any any
# access-list 101 permit tcp any host 170.10.23.1
# access-list 101 dynamic firewall timeout 15 permit ip any any
# line vty 0 4
# login local
Now the first time you telnet to this router you use username jas, which has
the autocommand associated with it, and the dynamic ACL kicks in.
Next you telnet into the router with username jas1, which does not have an
autocommand associated with it and allows you to log in. It works !!
Now my question is: is this the only method to do this? It does not
look like a very foolproof method to me. Is there a better method of
implementing a lock and key ACL on a router and allowing telnet access to it
too at the same time?
Thanks
Jaspreet
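For readers comparing the configuration above with the documented Cisco IOS lock-and-key setup, here is an added example (not part of the original post or its reply) showing the same two-user arrangement with the pieces the post omits: the ACL actually applied inbound on an interface, the static entry narrowed to telnet only, and the `host` keyword on `access-enable` so the dynamic entry is opened only for the source address of the authenticating session rather than for any source. The interface name `Ethernet0`, the ACL number and the passwords are placeholders chosen for illustration.

```cisco
! Added example: lock-and-key with a separate management user.
! Assumed interface name and addresses; passwords are placeholders.
username jas password cisco
username jas autocommand access-enable host timeout 5
username jas1 password cisco
!
! Static entries: routing protocol and telnet to the router itself.
! 'eq telnet' restricts the static permit to port 23 instead of all TCP.
access-list 101 permit eigrp any any
access-list 101 permit tcp any host 170.10.23.1 eq telnet
! Dynamic entry: opened per source host by 'access-enable host',
! absolute timeout 15 minutes, idle timeout 5 minutes from the autocommand.
access-list 101 dynamic firewall timeout 15 permit ip any any
!
! Without this the ACL is defined but never enforced.
interface Ethernet0
 ip access-group 101 in
!
line vty 0 4
 login local
```

The user `jas` still triggers `access-enable` and is disconnected, which opens the dynamic entry; `jas1` then gets an interactive session through the static telnet permit. Adding `host` to the autocommand is the change a practitioner would most want: `access-enable timeout 5` alone creates a dynamic entry whose source is `any`, so the temporary opening is not tied to the host that authenticated.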
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:11 GMT-3