RE: No input access group defined for BRI0

From: Brian Dennis (brian@labforge.com)
Date: Fri Dec 27 2002 - 18:12:55 GMT-3

• Next message: Armand D: "Re: OSPF: remove NULL from summary"
• Previous message: ccieingroup@hotmail.com: "Re: OSPF: remove NULL from summary"
• Maybe in reply to: John Tafasi: "No input access group defined for BRI0"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

John,
Remove the "autocommand access-enable host timeout 5" from under your
"line vty 0 4" and you'll be set.

Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
John Tafasi
Sent: Friday, December 27, 2002 12:53 PM
To: Brian McGahan; 'Cisco Group Study'; 'ccielab'
Subject: Re: No input access group defined for BRI0

Here is the complete configuration file for r5

r5#show run
Building configuration...

Current configuration : 2245 bytes
!
! Last configuration change at 22:38:53 UTC Thu Mar 11 1993
! NVRAM config last updated at 15:54:58 UTC Wed Mar 10 1993
!
version 12.2
no service single-slot-reload-enable
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname r5
!
logging rate-limit console 10 except errors
!
username omer password 7 14141B180F0B
username r4 password 7 095E1B
username r2 password 7 045802150C2E
username r5 password 7 13061E010803
ip subnet-zero
no ip finger
no ip domain-lookup
!
ip reflexive-list timeout 1000
no ip dhcp-client network-discovery
isdn switch-type basic-ni
!
!
!
!
interface Loopback5
 ip address 5.5.5.5 255.255.255.0
!
interface Ethernet0
 ip address 10.10.110.3 255.255.255.0
 shutdown
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 ip address 10.10.10.2 255.255.255.0
 encapsulation ppp
 dialer callback-secure
 dialer idle-timeout 300
 dialer enable-timeout 1
 dialer map ip 10.10.10.1 name r2 class eng broadcast 8358661
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201
 isdn spid2 0835866401
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
 snapshot server 5
 ppp callback accept
 ppp authentication chap
 ppp chap hostname r5
!
router rip
 network 5.0.0.0
 network 10.0.0.0
!
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 0.0.0.0 0.0.0.0 10.10.110.16
ip http server
!
!
ip access-list extended abc
 dynamic test permit ip any any
 permit tcp any host 10.10.110.3 eq telnet
ip access-list extended inboundfilter
 permit igrp any any
 evaluate tcptraffic
ip access-list extended outboundfilter
 permit tcp any any reflect tcptraffic timeout 5000
!
map-class dialer eng
 dialer callback-server username
access-list 21 deny any
access-list 100 permit tcp any any eq telnet
access-list 100 permit icmp any any
dialer-list 1 protocol ip list 100
!
snmp-server engineID local 5555555555
snmp-server engineID remote 10.10.10.1 2222222222
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 password cisco
 login
 autocommand access-enable host timeout 5
!
ntp clock-period 17179628
end
----- Original Message -----
From: "Brian McGahan" <brian@cyscoexpert.com>
To: "'John Tafasi'" <johntafasi@yahoo.com>; "'Cisco Group Study'"
<cisco@groupstudy.com>; "'ccielab'" <ccielab@groupstudy.com>
Sent: Friday, December 27, 2002 1:29 PM
Subject: RE: No input access group defined for BRI0

> John,
>
> This is most likely due to the fact that you have a dynamic
> access-list configured, yet the dynamic list is not applied to that
> interface. Once you have the 'access-enable' command defined, telnet
on
> tcp 23 is used exclusively to authenticate.
>
> Try something like this:
>
> line vty 0 3
> autocommand access-enable host timeout 20
> line vty 4
> rotary 1
>
> Now the router will listen on TCP 7001 for actual telnet traffic
> to the CLI.
>
> HTH
>
> Brian McGahan, CCIE #8593
> Director of Design and Implementation
> brian@cyscoexpert.com
>
> CyscoExpert Corporation
> Internetwork Consulting & Training
> Voice: 847.674.3392
> Fax: 847.674.2625
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> > John Tafasi
> > Sent: Friday, December 27, 2002 1:51 PM
> > To: Cisco Group Study; ccielab
> > Subject: No input access group defined for BRI0
> >
> > Hi Groub,
> >
> > r2 and r5 are connected via isdn. I am trying to telnet to r5 from
r2
> but
> > I
> > receive the message "No input access group defined for BRI0." Does
> that
> > mean
> > you cannot access a router via its bri interface unless an access
list
> is
> > configured on bri0?
> >
> > r2#telnet 10.10.10.2
> > Trying 10.10.10.2 ... Open
> >
> >
> > User Access Verification
> >
> > Password:
> > Password:
> > No input access group defined for BRI0.
> > [Connection to 10.10.10.2 closed by foreign host]
> > .
.
.

• Next message: Armand D: "Re: OSPF: remove NULL from summary"
• Previous message: ccieingroup@hotmail.com: "Re: OSPF: remove NULL from summary"
• Maybe in reply to: John Tafasi: "No input access group defined for BRI0"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:54 GMT-3