RE: Help on Lock and Key configuration.

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Mon Feb 14 2005 - 02:56:55 GMT-3


You should first try looking over the documentation for lock and key
security because what you have configured below is not lock and key
security ;-)

Configuring Lock-and-Key Security (Dynamic Access Lists)
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scflock.htm

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)

bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
anantha S
Sent: Sunday, February 13, 2005 9:42 PM
To: Cisco certification
Subject: Help on Lock and Key configuration.

Hi,

How do I solve the problem below? Any pointers?

Question:
--------------
1. configure R3 such that telnet is the only protocol allowed to
enter R3's frame-relay interface.
2. Configure Lock and Key on R3 such that if a username Ted
authenticates, his IP address (and only his IP address) will be
allowed full access into VLAN 30. Ted's password should be cisco.
3. Configure an idle time of 5 minutes and an absolute time of 1 hour.
4. Name this dynamic entry LockandKey and add it to access list
present in R3 serial interface.

Topology:
--------------

R2-------FR--------R3-----Vlan30---

solution try:
--------------
I could not find a way to associate user Ted with access-list 103.

hostname R3

username Ted password 0 cisco

interface Serial1/0
 no shutdown
 ip address 130.10.134.3 255.255.255.0
 ip access-group 103 in
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 no arp frame-relay
 frame-relay map ip 130.10.134.1 100 broadcast
 no frame-relay inverse-arp

router ospf 1
 log-adjacency-changes
 summary-address 130.10.31.0 255.255.255.0
 redistribute connected subnets route-map filterloop
 network 130.10.30.0 0.0.0.255 area 3
 network 130.10.134.0 0.0.0.255 area 0

router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 33.33.33.0 mask 255.255.255.0
 neighbor 130.10.134.1 remote-as 100
 no auto-summary

access-list 13 permit 130.10.31.0 0.0.0.255
access-list 103 permit icmp any any echo
access-list 103 permit icmp any any echo-reply
access-list 103 permit ospf any any
access-list 103 permit tcp any any eq bgp
access-list 103 permit tcp any eq bgp any
access-list 103 permit tcp any any eq telnet
access-list 103 deny ip any any
route-map filterloop permit 10
 match ip address 13

dial-peer cor custom
line con 0
line aux 0

line vty 0 4
 session-timeout 5
 access-class 103 in
 absolute-timeout 60
 login local
logging console 7
end

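Editor's note, added to this archive page and not part of either message above: the posted configuration has none of the three pieces that make up IOS lock-and-key, namely a `dynamic` entry in the extended access list, an `access-enable` autocommand that is run when the user authenticates on the VTY, and `login local` on the line. The `access-class`, `session-timeout` and `absolute-timeout` commands under `line vty` only govern who may reach the VTY and how long the Telnet session lives; they never touch the access list applied to Serial1/0. The following configuration is an example of how the four task items map onto those pieces. It assumes that VLAN 30 is the 130.10.30.0/24 network advertised under OSPF area 3 in the posted config (an inference from that config, not something the question states), and that R3's frame-relay interface address is 130.10.134.3 as posted.

```cisco
hostname R3
!
! Item 2: the user whose authentication opens the dynamic entry.
! The per-user autocommand runs access-enable only for Ted, not for
! every VTY login. "host" substitutes the source address of Ted's
! Telnet session for the "any" in the dynamic entry, so only his IP
! address is admitted. "timeout 5" is the idle timeout in minutes
! (item 3).
username Ted password 0 cisco
username Ted autocommand access-enable host timeout 5
!
! Item 1 and item 4: the access list already on the serial interface.
! Telnet to R3 must be permitted by a static entry that sits before
! the dynamic one, because the dynamic entry does not exist until
! Ted has authenticated over Telnet. "timeout 60" on the dynamic
! entry is the absolute timeout in minutes (item 3); it must be
! longer than the idle timeout set by access-enable.
! (Assumption: 130.10.30.0/24 is VLAN 30, taken from the OSPF
! "network 130.10.30.0 0.0.0.255 area 3" line in the posted config.)
access-list 103 permit tcp any host 130.10.134.3 eq telnet
access-list 103 dynamic LockandKey timeout 60 permit ip any 130.10.30.0 0.0.0.255
access-list 103 deny ip any any log
!
! The task text says Telnet is the only protocol allowed in. The
! posted config also permits OSPF and BGP across this link; if the
! lab requires those adjacencies to stay up, the permits for them
! would have to be added above the deny. That is a judgment about
! the task, not part of lock-and-key itself.
!
interface Serial1/0
 ip address 130.10.134.3 255.255.255.0
 encapsulation frame-relay
 ip access-group 103 in
!
! Lock-and-key needs local (or AAA) login on the VTY so that the
! username is known when the autocommand fires. No access-class and
! no session/absolute timeouts are needed here for the dynamic entry.
line vty 0 4
 login local
end
```

How to check it: before Ted logs in, `show access-lists 103` lists the `Dynamic LockandKey` entry with no active hosts. After Ted telnets to 130.10.134.3 and authenticates, the session is closed immediately (that is what the autocommand does) and `show access-lists 103` shows a temporary `permit ip host <Ted's address> 130.10.30.0 0.0.0.255` entry under the dynamic line with its remaining time; `clear access-template 103 LockandKey any 130.10.30.0 0.0.0.255` removes it by hand. Two caveats a practitioner will want: a user whose `username` line carries the autocommand never gets an exec prompt, so keep a separate administrative account without it if R3 must still be managed over the same VTYs; and since Ted's password travels over Telnet in clear text on the frame-relay link, the password `cisco` here is only the lab's requirement, not a recommendation.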


This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:20 GMT-3