From: Dennis J. Hartmann (dhartma5@optonline.net)
Date: Tue May 03 2005 - 17:52:31 GMT-3
I'm new to dynamic (Lock-and-Key) ACLs, but from my studying today
it seems that the first ACE line (access-list 100 dynamic telnet timeout 10
permit ip any any) is forcing the router to use the dynamic ACL where one
doesn't exist yet because the Telnet ACL is your second ACE and ACLs use top
down processing. Remove your ACL and try rebuilding it with the Telnet ACE
as the first ACE in your ACL like this:
access-list 100 permit tcp 140.10.101.96 0.0.0.7 any eq telnet
access-list 100 dynamic telnet timeout 10 permit ip any any
I don't have access to a router to test this so please let me know
if this works.
Sincerely,
Dennis Hartmann
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of amir cohen
Sent: Saturday, April 23, 2005 1:42 AM
To: ccielab@groupstudy.com
Subject: Autocommand for username
Hello,
I need some help in understanding autocommand.
This is my config:
======================================
username test password 0 test
username test autocommand access-enable timeout 5
!
access-list 100 dynamic telnet timeout 10 permit ip any any
access-list 100 permit tcp 140.10.101.96 0.0.0.7 any eq telnet
!
=================================
When I telnet from the above IPs, I get:
R6#140.10.101.7
Trying 140.10.101.7 ... Open
User Access Verification
Username: test
Password:
% List#100-telnet already contains this IP address pair
[Connection to 140.10.101.7 closed by foreign host]
Any ideas?
Thanx
Amir
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:56 GMT-3