From: Gery Pang (pang_gery@yahoo.com.hk)
Date: Sat Mar 01 2003 - 06:26:53 GMT-3
Hi Group,
Just tested the dynamic access list and found it may not work with aaa
new-model.
Here is the config that does not work:
aaa new-model
aaa authentication login default local
aaa authentication login testlogin enable local
username auto password 0 auto
username auto autocommand access-enable timeout 5
interface FastEthernet0/1
 ip address 192.168.0.138 255.255.255.0
 ip access-group 150 in
 duplex auto
 speed auto
access-list 150 dynamic allowtest timeout 5 permit ip any any
access-list 150 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.138 eq telnet
access-list 150 permit tcp host 203.78.86.230 host 192.168.0.138 eq telnet
line vty 0 4
 password password
The following will work:
username auto password 0 auto
username auto autocommand access-enable timeout 5
interface FastEthernet0/1
 ip address 192.168.0.138 255.255.255.0
 ip access-group 150 in
 duplex auto
 speed auto
access-list 150 dynamic allowtest timeout 5 permit ip any any
access-list 150 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.138 eq telnet
access-list 150 permit tcp host 203.78.86.230 host 192.168.0.138 eq telnet
line vty 0 4
 login local
Why?
Thank you.
Gery