Re: Lock and Key (Dynamic Access Lists)

From: Tim Fletcher (groupstudy@fletchmail.net)
Date: Tue Jan 06 2004 - 21:52:28 GMT-3


At 06:14 PM 1/6/04, ccie2be wrote:
>Hi guys,
>
>I'm having problems getting this to work properly and I have 2 questions about
>this.
>
>1) When using local authentication, does the name in the username xxxx
>password yyyy need to match the name in the dynamic access list entry? If it
>does, doesn't that create problems in that everyone must use the same name
>password combo? ( I understand that only 1 dynamic entry should be used when
>creating dynamic access lists.)

No, it does not have to match.

>2) Does the dynamic access list have to explicitly permit icmp in order for
>ping to work?
>
>I have the following config:
>
>username test password ccie
>
>int s2
>ip addr x.x.x.x m.m.m.m
>ip access-group 100 in
>
>access-list 100 permit tcp any host 172.16.32.3 eq telnet
>access-list 100 dynamic test permit ip any 172.16.136.0 0.0.0.255
>
>line vty 0 4
>password cisco
>login local
>autocommand access-enable timeout 3
>
>What happens is this. When I telnet to the ip addr above, I get challenged to
>enter a name and password and then I get (as I should) a message like "session
>closed by foreign host". But, then when I try to ping a host on subnet
>172.16.136.0, I get U.U.U
>
>Shouldn't I be able to ping with the above config?

Is your connection coming into S2?

>Thanks in advance, dt
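An added example, not part of the original thread: the configuration from the question with two restrictions applied to the lock-and-key entry, the `host` keyword on `access-enable` and an absolute `timeout` on the dynamic entry. The timeout value of 10 minutes is an assumption chosen for illustration; everything else is taken from the quoted config.

```cisco
! Added example (not the poster's or the responder's config).
username test password ccie
!
interface Serial2
 ip address x.x.x.x m.m.m.m
 ip access-group 100 in
!
! Static entry: lets users reach the router's telnet port to authenticate.
access-list 100 permit tcp any host 172.16.32.3 eq telnet
!
! Dynamic template. The name "test" is only the label of the dynamic entry.
! "timeout 10" (assumed value) is an absolute lifetime in minutes: the
! temporary entry is removed after 10 minutes even if traffic is flowing.
! "permit ip" matches every IP protocol, ICMP included.
access-list 100 dynamic test timeout 10 permit ip any 172.16.136.0 0.0.0.255
!
line vty 0 4
 password cisco
 login local
 ! Without "host", the temporary entry is created exactly as the template
 ! is written (source "any"), so one successful login opens 172.16.136.0/24
 ! to every source arriving on the interface. With "host", the source is
 ! replaced by the address of the station that authenticated.
 ! "timeout 3" here is the idle timeout in minutes.
 autocommand access-enable host timeout 3
```

After a successful login, `show access-lists 100` lists the temporary entry beneath the dynamic template, which confirms both that it was created and which source address it permits.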
