Lock and Key Problem

From: Phil (theccie@gmail.com)
Date: Fri Jul 23 2004 - 11:12:13 GMT-3


Hi group,

Has anybody tried to play with lock and key?

I have the configuration below, but when I telnet to the router to
authenticate, instead of having an opening in the access-list
permitting from my PC's IP address to any, I get an opening permitting
any any, which allows any other hosts in the subnet to have full access.
I tried a couple of different IOS versions and get the same result;
12.1.1 and 12.3.1 are 2 I remember.

Thanks,

Phil
===========================
rlab_2621c#wr t
Building configuration...

Current configuration : 2215 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rlab_2621c
!
username phil password 0 test
ip subnet-zero
!
ip dhcp excluded-address 172.16.34.33
ip dhcp excluded-address 172.16.34.65
ip dhcp excluded-address 172.16.34.34
ip dhcp excluded-address 172.16.34.66
!
ip dhcp pool vlan432
   network 172.16.34.32 255.255.255.240
   default-router 172.16.34.33
   dns-server 10.128.1.25
!
ip dhcp pool vlan464
   network 172.16.34.64 255.255.255.240
   default-router 172.16.34.65
   dns-server 10.128.1.25
!
ip audit notify log
ip audit po max-events 100
!
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.1
 encapsulation isl 416
 ip address 172.16.34.17 255.255.255.240
 ip access-group 101 in
 no ip redirects
!
interface FastEthernet0/0.2
 encapsulation isl 464
 ip address 172.16.34.65 255.255.255.240
 ip access-group 101 in
 no ip redirects
!
interface FastEthernet0/0.3
 encapsulation isl 432
 ip address 172.16.34.33 255.255.255.240
 ip access-group 101 in
 no ip redirects
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 172.16.34.1 255.255.255.248
 speed 100
 full-duplex
!
router eigrp 65500
 network 172.16.0.0
 no auto-summary
!
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.30.3
!
!
access-list 101 dynamic mytest timeout 120 permit ip any any
access-list 101 permit tcp any host 172.16.34.17 eq telnet
access-list 101 permit tcp any host 172.16.34.65 eq telnet
access-list 101 permit tcp any host 172.16.34.33 eq telnet
access-list 101 permit udp any any eq bootpc
access-list 101 permit udp any any eq bootps
!
line con 0
 password cisco
line aux 0
line vty 0 4
 password cisco
 login local
 autocommand access-enable timeout 5
!
end

rlab_2621c#
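
An added example, not part of Phil's post: a small config audit for the condition described above. It relies on the documented behaviour of the IOS `access-enable` command, where the optional `host` keyword limits the temporary entry to the address the Telnet session came from and, without it, the dynamic template's source is used as written. The function name and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the lock-and-key lines from the configuration posted above.
SAMPLE_CONFIG = """\
access-list 101 dynamic mytest timeout 120 permit ip any any
access-list 101 permit tcp any host 172.16.34.17 eq telnet
line con 0
 password cisco
line vty 0 4
 password cisco
 login local
 autocommand access-enable timeout 5
"""

# Dynamic ACL template: capture ACL id, dynamic name and the source field.
DYNAMIC_RE = re.compile(
    r"^access-list\s+(\S+)\s+dynamic\s+(\S+)(?:\s+timeout\s+\d+)?"
    r"\s+permit\s+\S+\s+(\S+)")
ENABLE_RE = re.compile(r"^autocommand\s+access-enable\b(.*)$")


def audit_lock_and_key(config):
    """Report access-enable autocommands that open a dynamic entry for 'any'."""
    open_templates = []   # (acl, name) of dynamic templates with source 'any'
    no_host = []          # (line section, command) lacking the 'host' keyword
    section = None        # current 'line ...' block, None outside one
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # an unindented line starts a new section
            section = line if line.startswith("line ") else None
        m = DYNAMIC_RE.match(line)
        if m and m.group(3) == "any":
            open_templates.append((m.group(1), m.group(2)))
        m = ENABLE_RE.match(line)
        if m and section and "host" not in m.group(1).split():
            no_host.append((section, line))
    # Pair up after the full pass so the order of ACL and line blocks is irrelevant.
    return [f"{sec}: '{cmd}' has no 'host' keyword; dynamic entry "
            f"'{name}' in ACL {acl} is enabled with source 'any'"
            for sec, cmd in no_host for acl, name in open_templates]


if __name__ == "__main__":
    for finding in audit_lock_and_key(SAMPLE_CONFIG):
        print(finding)
```
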



This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:01 GMT-3