From: kasturi cisco (kasturi_cisco@hotmail.com)
Date: Tue Jun 10 2003 - 20:24:46 GMT-3
Mike/Group,
I agree with what you see but just a couple of differences. I tested out
exactly the way you have specified with the different parameters. Here they
are:
Case A)
* Without keyword "host", yes, any host can authenticate and use it. It's
open. Host A can authenticate and Host B can go through. Least secure.
* With keyword "host" it opens only the specific IP address, as below.
Only the host which authenticates will be allowed to go through, but at
a time multiple hosts can get through.
R5#show access-lists <-- With host keyword
Extended IP access list 110
permit tcp any host 100.1.1.1 eq telnet (202 matches)
Dynamic test permit tcp any 153.1.0.0 0.0.255.255 eq telnet
permit tcp host 100.1.1.4 153.1.0.0 0.0.255.255 eq telnet (36 matches)
permit tcp host 100.1.1.3 153.1.0.0 0.0.255.255 eq telnet (31 matches)
deny icmp any any
deny ip any any log (26 matches)
line vty 0 2
login local
autocommand access-enable host
B) True, only a specific host gets authenticated and a temp entry is created
just for that.
C) True
Good to learn stuff this way.
Good luck,
kasturi
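
An added example, not part of the original post: a small Python audit that reads "show access-lists" output in the flat form quoted above and reports whether each temporary lock-and-key entry was opened for a single host or for any source. It assumes the dynamic template's source is "any", as in access list 110 here; the function name and the second sample are constructed for illustration.

```python
import re

# Trailing counters such as "(36 matches)" are not part of the rule itself.
TRAILER = re.compile(r"(\s*\([^)]*\))+$")
# Dynamic template line, assumed to use "any" as its source (as on this page).
DYNAMIC = re.compile(r"^Dynamic (\S+) (permit \S+) any (.+)$")

def audit_lock_and_key(show_output):
    """Return [(dynamic_name, source, finding)] for each temporary entry."""
    findings, current = [], None
    for raw in show_output.splitlines():
        line = TRAILER.sub("", raw.strip())
        m = DYNAMIC.match(line)
        if m:
            name, head, tail = m.groups()
            # A temporary entry is the template with its source either left
            # as "any" (no host keyword) or replaced by "host <ip>".
            entry = re.compile(
                rf"^{re.escape(head)} (any|host (\S+)) {re.escape(tail)}$")
            current = (name, entry)
            continue
        if current:
            e = current[1].match(line)
            if e is None:
                current = None  # first non-matching line ends the dynamic block
            elif e.group(2):
                findings.append((current[0], e.group(2), "per-host"))
            else:
                findings.append((current[0], "any", "OPEN"))
    return findings

# Output quoted in the post (autocommand access-enable host).
WITH_HOST = """Extended IP access list 110
permit tcp any host 100.1.1.1 eq telnet (202 matches)
Dynamic test permit tcp any 153.1.0.0 0.0.255.255 eq telnet
permit tcp host 100.1.1.4 153.1.0.0 0.0.255.255 eq telnet (36 matches)
permit tcp host 100.1.1.3 153.1.0.0 0.0.255.255 eq telnet (31 matches)
deny icmp any any
deny ip any any log (26 matches)
"""
# Constructed sample: the same list when access-enable runs without "host".
NO_HOST = WITH_HOST.replace(
    "permit tcp host 100.1.1.4 153.1.0.0 0.0.255.255 eq telnet (36 matches)\n"
    "permit tcp host 100.1.1.3 153.1.0.0 0.0.255.255 eq telnet (31 matches)\n",
    "permit tcp any 153.1.0.0 0.0.255.255 eq telnet (12 matches)\n")

if __name__ == "__main__":
    for label, text in (("with host", WITH_HOST), ("without host", NO_HOST)):
        print(label, audit_lock_and_key(text))
```

An "OPEN" finding means one successful login opened the path for every source address until the entry is removed.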