From: Lupi, Guy (Guy.Lupi@xxxxxxxxxxxxx)
Date: Thu Apr 25 2002 - 10:45:10 GMT-3
I have tried this on several occasions, according to my tests and the
Accesss List Field Guide it can't be done. Only one dynamic entry per list.
You can put in more than one, but only the first entry will take effect, the
second one will not.
~-----Original Message-----
~From: johan.hjalmarsson@se.abb.com
~[mailto:johan.hjalmarsson@se.abb.com]
~Sent: Thursday, April 25, 2002 7:29 AM
~To: ccielab@groupstudy.com
~Subject: Multiple dynamic access-list lines?
~
~
~Is it possible to have multipple dynamic lines in an extended ip
~access-list and let different users enable the different rules?
~
~What I want to do is something like the following:
~
~The user www should open up the dynamic access-list www but
~not the ftp one
~and vise versa.
~
~username www password http
~username www access-enable host timeout 5
~username ftp password file
~username ftp access-enable host timeout 5
~access-list 100 permit tcp any host 192.168.1.1 eq telnet
~access-list 100 dynamic www permit tcp any host 192.168.2.2 eq www
~access-list 100 dynamic ftp permit any host 192.168.3.3 eq ftp
~
~My problem with the above config is that I can't find a way to specify
~which dynamic part the tespective user should enable.
~
~Best Regards
~Johan Hjalmarsson
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:19 GMT-3