From: chon_mon@nym.hush.com
Date: Sat Apr 23 2005 - 02:57:38 GMT-3
Do a show access-list on your router to see if you dynamic list has
an entry for that network in it. Also, this is lock-and-key so
beware that you need only telnet successfully once to punch a hole
through the IOS firewall so that your users have access to the
resources you specifiy for the amount of time you specified in your
list. Seems like you specified a timeout of 10 minutes, so when
that finishes you can try it again. I am not sure if you can do a
clear access-list command to get rid of the entry any faster.
HTH
-Sean
On Fri, 22 Apr 2005 22:41:46 -0700 amir cohen
<avi_patish@yahoo.com> wrote:
>Hello,
>
>i need some help in understanding autocommand:
>
>this is my config:
>
>======================================
>username test password 0 test
>username test autocommand access-enable timeout 5
>
>!
>access-list 100 dynamic telnet timeout 10 permit ip
>any any
>access-list 100 permit tcp 140.10.101.96 0.0.0.7 any
>eq telnet
>!
>
>=================================
>
>wheb i telneting from the above IP's i got:
>
>
>R6#140.10.101.7
>Trying 140.10.101.7 ... Open
>
>
>User Access Verification
>
>Username: test
>Password:
>% List#100-telnet already contains this IP address
>pair
>[Connection to 140.10.101.7 closed by foreign host]
>
>Any ideas?
>
>
>Thanx
>Amir
>
>
>__________________________________________________
>Do You Yahoo!?
>Tired of spam? Yahoo! Mail has the best spam protection around
>http://mail.yahoo.com
>
>___________________________________________________________________
>____
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:55:08 GMT-3