RE: dynamic acl question (IE vs. CISCO)

From: George Cassels (glcassels3@nc.rr.com)
Date: Tue Jun 21 2005 - 22:18:27 GMT-3


John

     So the first ACL is a good example if the scenario said something like:
only allow telnet access to routers inside your network if the user
authenticates with RouterX; permit all other traffic. The second example
you gave would be a scenario where you only allow telnet access to routers
inside your network if the user authenticates with RouterX and deny all
other traffic.

Some scenarios might say: permit control traffic, allow telnet access to
routers inside your network only if the user authenticates with RouterX,
and deny all other traffic. In that case it may look like this:

ip access-list extended auto
  ! routing/control traffic is permitted outright
  permit ospf any any
  permit tcp any any eq bgp
  permit pim any any
  ! only active once the user has authenticated; everything else hits the implicit deny
  dynamic telnet permit tcp host 1.2.3.4 host 150.1.1.1 eq telnet

Hope this helps,
George
  
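As an added illustration, not from either message, here is a small Python model of how lock-and-key evaluates the two ACLs from the thread before and after the Telnet user authenticates. It assumes "access-enable host" is used (so the dynamic entry is instantiated with the authenticating host as the source), uses the 1.2.3.4 -> 150.1.1.1 addresses from the thread, and ignores the idle and absolute timeouts; the function names are my own.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: str                    # "any" or a host address
    dst: str
    port: Optional[int] = None  # destination port (tcp only)
    dynamic: bool = False       # inert until a user authenticates
    active_src: Optional[str] = None  # filled in by activate()

    def matches(self, proto, src, dst, dport):
        if self.dynamic and self.active_src is None:
            return False
        src_ok = self.active_src or self.src
        return (self.proto in ("ip", proto)
                and src_ok in ("any", src)
                and self.dst in ("any", dst)
                and (self.port is None or self.port == dport))

def evaluate(acl, proto, src, dst, dport=None):
    """First match wins; falling off the end is the implicit deny."""
    for e in acl:
        if e.matches(proto, src, dst, dport):
            return e.action
    return "deny"

def activate(acl, host):
    """User authenticated on the VTY and hit 'access-enable host':
    the dynamic entry is instantiated with that host as its source."""
    for e in acl:
        if e.dynamic:
            e.active_src = host

# The two ACLs from the thread (addresses as used there, constructed values)
def ie_way():
    return [Entry("permit", "tcp", "1.2.3.4", "150.1.1.1", 23, dynamic=True),
            Entry("deny", "tcp", "any", "any", 23),
            Entry("permit", "ip", "any", "any")]
def cisco_way():
    return [Entry("permit", "tcp", "1.2.3.4", "150.1.1.1", 23),
            Entry("permit", "ip", "any", "any", dynamic=True)]

def before_and_after(build, proto, src, dst, dport=None, user="1.2.3.4"):
    """Decision for one packet before and after `user` authenticates."""
    acl = build()
    before = evaluate(acl, proto, src, dst, dport)
    activate(acl, user)
    return before, evaluate(acl, proto, src, dst, dport)
```

Running it shows the difference: the IE ordering only ever gates telnet (everything else is permitted with or without authentication), while the Cisco ordering denies everything except the authenticating telnet until the user logs in, and then opens all IP only for that one host, so control traffic such as OSPF must be permitted explicitly.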

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
John Matus
Sent: Tuesday, June 21, 2005 6:14 PM
To: ccielab@groupstudy.com
Subject: dynamic acl question (IE vs. CISCO)

I'm a bit confused about the "proper" way to configure a dynamic
acl.........I've read the "cisco" way and seen the "IE" way but am
confused about which way to go.........

let's say that I want to allow one telnet host into R1......I've seen 2
ways to do it

R1 (IE WAY)
username r1 password cisco

line vty 0 4
 login local
 autocommand access-enable host timeout 5

ip access-list extended auto
  dynamic telnet permit tcp host 1.2.3.4 host 150.1.1.1 eq telnet
  deny tcp any any eq telnet
  permit ip any any

r1 (CISCO WAY)
username r1 password cisco

line vty 0 4
 login local
 autocommand access-enable host timeout 5

ip access-list extended auto
  permit tcp host 1.2.3.4 host 150.1.1.1 eq telnet
  dynamic telnet timeout 120 permit ip any any

what is the functional difference between the two?



This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:42 GMT-3