RE: dynamic acl question (IE vs. CISCO)
From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Wed Jun 22 2005 - 02:22:46 GMT-3
John,
These are both "proper" configurations, but they accomplish
different things and therefore cannot be directly compared. Put it in
the context of a scenario and I can give you more information on it.
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> John Matus
> Sent: Tuesday, June 21, 2005 6:14 PM
> To: ccielab@groupstudy.com
> Subject: dynamic acl question (IE vs. CISCO)
>
> i'm a bit confused about the "proper" way to configure a dynamic
> acl.........i've ready the "cisco" way and seen the "IE" way but am
> confused
> about which way to go.........
>
> let's say that i want to allow one telnet host into R1......i've seen
2
> ways
> to do it
>
> R1 (iIE WAY)
> user r1 password cisco
>
> line vty 0 4
> login local
> autocommand access enable host timeout 5
>
> access-list extended auto
> dynamic telent permit tcp host 1.2.3.4 host 150.1.1.1 eq telnet
> deny tcp any any eq telnet
> permit ip any any
>
> r1 (CISCO WAY)
> user r1 password cisco
>
> line vty 0 4
> login local
> autocommand access enable host timeout 5
>
> acccess-list extended auto
> pemrit tcp host 1.2.3.4 host 150.1.1.1 eq telnet
> dynamic telnet timeout 120 pemit ip any any
>
> what is the functional difference between the two?
>
> _________________________________________________________________
> FREE pop-up blocking with the new MSN Toolbar � get it now!
> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
>
>
This archive was generated by hypermail 2.1.4
: Wed Jul 06 2005 - 14:43:42 GMT-3