Re: aaa with dynamic access-list

From: wing_lam@jossynergy.com
Date: Mon Jun 09 2003 - 11:49:30 GMT-3


Thanks Kasturi,

Have you got experience in using aaa for telnet login authentication compared
to just "login local" in "line vty 0 4"? I have tested that the latter one
can work with dynamic access-list but not the aaa one, with which I can still log in,
but the dynamic entries cannot be woken.

                                                                                                                                       
                      "kasturi cisco"
                      <kasturi_cisco@ho To: wing_lam@jossynergy.com
                      tmail.com> cc:
                                               Subject: Re: aaa with dynamic access-list
                      06/09/2003 12:00
                      AM
                                                                                                                                       
                                                                                                                                       

When u use dynamic ACL u want only certain devices to open temp-holes in
the dy ACL. At the same time u want other devices/admin to continue with
normal router administration. Hence u use rotary, but not under the same vty
ports, but like below (at least this is what i have used)

line vty 0 2
login local
autocommand access-enable host
!
line vty 3 4
login
password xxxx
rotary 1

by doing this, for normal admin u telnet using port 3001, so specify "telnet
<ip add> 3001" such that it allows u to telnet and not create a dynamic acl
entry. Remember to allow telnet access in ur ACL with "permit tcp any <host
ip>" so that telnet is permitted for authentication and also for
administration. Hope that helps.

Good Luck,
Kasturi.

>From: wing_lam@jossynergy.com
>Reply-To: wing_lam@jossynergy.com
>To: ccielab@groupstudy.com
>Subject: aaa with dynamic access-list
>Date: Sun, 8 Jun 2003 20:08:42 +0800
>
>Hi group,
>
>I have tested the dynamic access-list function without using aaa (i.e. using
>"login local" under "line vty 0 4") and it works; after I add "aaa
>authentication" and change the login local to login authentication
>under line vty 0 4, the dynamic access-list does not work. I can see that the
>dynamic entries cannot be woken by telnet login. Just want to ask whether
>this is normal or I am doing something wrong?
>
>Also, what's the use of the command "rotary 1" under line vty 0 4? Can I
>use it so that I won't lock myself out of telnet if autocommand is
>enabled?
>
>Thx,
>BBD (Big Black Dog)
>DISCLAIMER:- This email is confidential and intended only for the use of
>the individual or entity named above and may contain information that is
>privileged. If you are not the intended recipient, you are notified that
>any dissemination, distribution or copying of this email is strictly
>prohibited. If you have received this email in error, please notify us
>immediately by return email or telephone and destroy the original message.
>Thank you.
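The split-vty layout Kasturi describes, written out as a complete lock-and-key configuration. This is an added illustration, not configuration posted in the thread; the interface, addresses, ACL number, dynamic-entry name, usernames and timeouts are constructed placeholders, and it uses the "login local" variant from Kasturi's reply rather than aaa authentication.

```cisco
! Added example (not from the thread). All names and addresses are placeholders.

! Extended ACL applied inbound on the outside interface. Both telnet ports the
! router itself listens on must be permitted by normal (static) entries, or
! nobody can reach the vtys to authenticate at all. The dynamic entry stays
! dormant until a successful lock-and-key login runs "access-enable".
access-list 101 permit tcp any host 192.0.2.1 eq telnet
access-list 101 permit tcp any host 192.0.2.1 eq 3001
access-list 101 dynamic LOCKKEY timeout 120 permit ip any 10.1.1.0 0.0.0.255
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 ip access-group 101 in
!
! Local user for lock-and-key logins ("login local" on the vtys below).
username lockuser secret ChangeMe
!
! vty 0-2: lock-and-key only. A successful login immediately runs
! access-enable, inserts a temporary entry for the calling host into the
! dynamic ACL (idle timeout 10 minutes), and drops the session.
line vty 0 2
 login local
 autocommand access-enable host timeout 10
!
! vty 3-4: normal administration. "rotary 1" makes these lines answer on
! TCP port 3001 (3000 + rotary group), so an admin login never opens a hole.
line vty 3 4
 login
 password AdminVtyPassword
 rotary 1
```

A user opens the hole with a plain "telnet 192.0.2.1" and is disconnected as soon as the entry is created; an administrator uses "telnet 192.0.2.1 3001" and lands on a normal exec session. The temporary entries are visible with "show access-lists 101" and can be removed early with "clear access-template 101 LOCKKEY". The "timeout 120" on the dynamic statement is an absolute lifetime, while the "timeout 10" on access-enable is an idle timeout; configure at least one of them, since without either the temporary entries never expire.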




This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:55 GMT-3