RE: No input access group defined for BRI0

From: Brian McGahan (brian@cyscoexpert.com)
Date: Fri Dec 27 2002 - 18:01:08 GMT-3


John,

        Exactly as I said, you have the 'access-enable' command defined
under the vty line, however there is no dynamic access-list applied to
your BRI interface. Add the 'rotary' command to a specific vty line,
and you will be able to telnet to the CLI and not just use telnet for
the lock and key authentication.

HTH

Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com

CyscoExpert Corporation
Internetwork Consulting & Training
Voice: 847.674.3392
Fax: 847.674.2625

> -----Original Message-----
> From: John Tafasi [mailto:johntafasi@yahoo.com]
> Sent: Friday, December 27, 2002 2:53 PM
> To: Brian McGahan; 'Cisco Group Study'; 'ccielab'
> Subject: Re: No input access group defined for BRI0
>
> Here is the complete configuration file for r5
>
>
> r5#show run
> Building configuration...
>
> Current configuration : 2245 bytes
> !
> ! Last configuration change at 22:38:53 UTC Thu Mar 11 1993
> ! NVRAM config last updated at 15:54:58 UTC Wed Mar 10 1993
> !
> version 12.2
> no service single-slot-reload-enable
> service timestamps debug datetime msec
> service timestamps log uptime
> no service password-encryption
> !
> hostname r5
> !
> logging rate-limit console 10 except errors
> !
> username omer password 7 14141B180F0B
> username r4 password 7 095E1B
> username r2 password 7 045802150C2E
> username r5 password 7 13061E010803
> ip subnet-zero
> no ip finger
> no ip domain-lookup
> !
> ip reflexive-list timeout 1000
> no ip dhcp-client network-discovery
> isdn switch-type basic-ni
> !
> !
> !
> !
> interface Loopback5
> ip address 5.5.5.5 255.255.255.0
> !
> interface Ethernet0
> ip address 10.10.110.3 255.255.255.0
> shutdown
> !
> interface Serial0
> no ip address
> shutdown
> !
> interface Serial1
> no ip address
> shutdown
> !
> interface BRI0
> ip address 10.10.10.2 255.255.255.0
> encapsulation ppp
> dialer callback-secure
> dialer idle-timeout 300
> dialer enable-timeout 1
> dialer map ip 10.10.10.1 name r2 class eng broadcast 8358661
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 0835866201
> isdn spid2 0835866401
> cdapi buffers regular 0
> cdapi buffers raw 0
> cdapi buffers large 0
> snapshot server 5
> ppp callback accept
> ppp authentication chap
> ppp chap hostname r5
> !
> router rip
> network 5.0.0.0
> network 10.0.0.0
> !
> ip kerberos source-interface any
> ip classless
> ip route 0.0.0.0 0.0.0.0 10.10.10.1
> ip route 0.0.0.0 0.0.0.0 10.10.110.16
> ip http server
> !
> !
> ip access-list extended abc
> dynamic test permit ip any any
> permit tcp any host 10.10.110.3 eq telnet
> ip access-list extended inboundfilter
> permit igrp any any
> evaluate tcptraffic
> ip access-list extended outboundfilter
> permit tcp any any reflect tcptraffic timeout 5000
> !
> map-class dialer eng
> dialer callback-server username
> access-list 21 deny any
> access-list 100 permit tcp any any eq telnet
> access-list 100 permit icmp any any
> dialer-list 1 protocol ip list 100
> !
> snmp-server engineID local 5555555555
> snmp-server engineID remote 10.10.10.1 2222222222
> !
> line con 0
> exec-timeout 0 0
> logging synchronous
> transport input none
> line aux 0
> line vty 0 4
> password cisco
> login
> autocommand access-enable host timeout 5
> !
> ntp clock-period 17179628
> end
> ----- Original Message -----
> From: "Brian McGahan" <brian@cyscoexpert.com>
> To: "'John Tafasi'" <johntafasi@yahoo.com>; "'Cisco Group Study'"
> <cisco@groupstudy.com>; "'ccielab'" <ccielab@groupstudy.com>
> Sent: Friday, December 27, 2002 1:29 PM
> Subject: RE: No input access group defined for BRI0
>
>
> > John,
> >
> > This is most likely due to the fact that you have a dynamic
> > access-list configured, yet the dynamic list is not applied to that
> > interface. Once you have the 'access-enable' command defined, telnet on
> > tcp 23 is used exclusively to authenticate.
> >
> > Try something like this:
> >
> > line vty 0 3
> > autocommand access-enable host timeout 20
> > line vty 4
> > rotary 1
> >
> > Now the router will listen on TCP 7001 for actual telnet traffic
> > to the CLI.
> >
> > HTH
> >
> > Brian McGahan, CCIE #8593
> > Director of Design and Implementation
> > brian@cyscoexpert.com
> >
> > CyscoExpert Corporation
> > Internetwork Consulting & Training
> > Voice: 847.674.3392
> > Fax: 847.674.2625
> >
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > John Tafasi
> > > Sent: Friday, December 27, 2002 1:51 PM
> > > To: Cisco Group Study; ccielab
> > > Subject: No input access group defined for BRI0
> > >
> > > Hi Group,
> > >
> > > r2 and r5 are connected via isdn. I am trying to telnet to r5 from r2 but I
> > > receive the message "No input access group defined for BRI0." Does that mean
> > > you cannot access a router via its bri interface unless an access list is
> > > configured on bri0?
> > >
> > > r2#telnet 10.10.10.2
> > > Trying 10.10.10.2 ... Open
> > >
> > >
> > > User Access Verification
> > >
> > > Password:
> > > Password:
> > > No input access group defined for BRI0.
> > > [Connection to 10.10.10.2 closed by foreign host]



This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:54 GMT-3
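
A structural check for the two conditions raised in this thread, added here as an example and not part of the original messages: it flags a configuration where `access-enable` is set on the vty lines but no dynamic access list is applied inbound on any interface, and one where no vty line is left for CLI access. The names `sections`, `audit_lock_and_key`, `SAMPLE` and `FIXED` are hypothetical, and the sample text is constructed from the r5 configuration quoted above with indentation restored.

```python
import re

# Constructed sample, trimmed from the r5 configuration quoted in the thread
# (indentation restored; named ACLs only).
SAMPLE = """\
interface BRI0
 ip address 10.10.10.2 255.255.255.0
!
ip access-list extended abc
 dynamic test permit ip any any
 permit tcp any host 10.10.110.3 eq telnet
!
line vty 0 4
 password cisco
 login
 autocommand access-enable host timeout 5
"""
# Same config with the two changes suggested in the thread applied.
FIXED = (SAMPLE.replace("255.255.255.0\n", "255.255.255.0\n ip access-group abc in\n")
         .replace("line vty 0 4", "line vty 0 3")
         + "line vty 4\n password cisco\n login\n rotary 1\n")

def sections(config):
    """Group indented sub-commands under their top-level header line."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw[0].isspace():
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks[current] = []
    return blocks

def audit_lock_and_key(config):
    """Return findings for the two lock-and-key problems named in the thread."""
    blocks = sections(config)
    dynamic = {h.split()[-1] for h, body in blocks.items()
               if h.startswith("ip access-list extended ")
               and any(c.startswith("dynamic ") for c in body)}
    applied = [h for h, body in blocks.items() if h.startswith("interface ")
               for c in body
               if (m := re.fullmatch(r"ip access-group (\S+) in", c)) and m.group(1) in dynamic]
    vty = {h: body for h, body in blocks.items() if h.startswith("line vty ")}
    auth = [h for h, body in vty.items()
            if any(c.startswith("autocommand access-enable") for c in body)]
    findings = []
    if auth and not applied:
        findings.append("access-enable set, but no dynamic ACL is applied inbound on any interface")
    if auth and len(auth) == len(vty):
        findings.append("every vty line runs access-enable; none is left for CLI access")
    return findings
```

The check is structural only: it does not evaluate whether the static entries of the applied access list admit the Telnet session that triggers authentication.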