Re: user access-class

From: Brian Lee (ipgirl@gmail.com)
Date: Mon Jul 11 2005 - 08:00:49 GMT-3


Hi Ed,

You can say it that way, but I still don't understand the meaning of the acl
in user cmd ???

B.L

----- Original Message -----
From: "Ed Lui" <edwlui@gmail.com>
To: "Gustavo Novais" <gustavo.novais@novabase.pt>
Cc: "Peppe Monterosso (peppemon)" <peppemon@cisco.com>;
<ccielab@groupstudy.com>
Sent: Saturday, July 09, 2005 3:42 AM
Subject: Re: user access-class

> I look at it a different way. Just not sure if it is exactly what the task
> asks (worded) you to do. The task says
> "R7 can telnet into R8 to its s0/0 interface"
> So I would create an access-list to allow only R7 telnet to R8, apply the
> access-list on int s0/0. Then create the username and password, apply
> login local under vty 0 XXX.
> HTH,
> Ed Lui
>
> On 7/8/05, Gustavo Novais <gustavo.novais@novabase.pt> wrote:
>>
>> I understand... At the end that's what I did, but I think the essence of
>> the question was to limit inbound connections by username and router.
>> This username can only log to R8 if he comes from R7, not somewhere
>> else.
>>
>> I checked the command and its purpose is to limit OUTBOUND connections
>> from that user when he is logged on to the router R8.
>>
>> I think there's no way, without using tacacs to do this... Or is there?
>>
>> Thanks
>>
>> Gustavo
>>
>>
>> -----Original Message-----
>> From: Peppe Monterosso (peppemon) [mailto:peppemon@cisco.com]
>> Sent: Friday, July 8, 2005 20:27
>> To: Gustavo Novais; ccielab@groupstudy.com
>> Subject: RE: user access-class
>>
>> Gustavo,
>> What I did was an access list applied to the vty 0 4. This is to allow
>> just R7 to telnet, and then a normal username XXX password YYYY on R8
>>
>> Peppe
>>
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Gustavo Novais
>> Sent: Friday, July 08, 2005 11:55 AM
>> To: ccielab@groupstudy.com
>> Subject: user access-class
>>
>> Hi group
>>
>> I'm having a doubt here....
>>
>> Task says to configure R8 so that R7 can telnet into R8 to its s0/0
>> interface using username XXXX and password YYYY. No other routers or
>> hosts should be able to telnet to R8 using the same username and
>> password.
>>
>> To me it seems like configuring user XXXX access-class 100 password YYYY
>> with access-list 100 allowing only source IP R7 and destination R8 s0/0.
>> I configured line vty 0 4 with login local.
>>
>> The thing is that it is not working!
>>
>> I go to other routers... and they also can login with that specific
>> username\password, meaning the access-class is not working... (hum...
>> should try logging.)
>> Am I missing something?
>>
>>
>> config:
>>
>>
>> username XXXX access-class 100 password YYYY
>>
>> access-list 100 permit ip host 200.0.0.7 host 150.50.5.2
>> access-list 100 permit ip host 150.50.5.1 host 150.50.5.2
>>
>> line vty 0 4
>> login local
>> !
>>
>>
>> TIA
>>
>> Gustavo
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html


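Added example (not part of any message in this thread): a sketch of the approach Peppe describes for R8, with the source restriction placed on the vty lines instead of on the username, since Gustavo found that `username ... access-class` applies to the user's outbound connections. ACL number 7 is an arbitrary choice, and the two source addresses are taken from the posted access-list 100 on the assumption that they belong to R7. This restricts who can reach the vty lines at all, not one particular username.

```cisco
! R8 - added example, not configuration posted in the thread
! Local account; no access-class on the username
username XXXX password YYYY
!
! Standard ACL matched against the source of inbound vty sessions.
! ACL number 7 is arbitrary; addresses assumed to be R7's (from the posted ACL 100).
access-list 7 permit host 200.0.0.7
access-list 7 permit host 150.50.5.1
! Explicit deny with logging so rejected attempts show up in the log
access-list 7 deny any log
!
line vty 0 4
 access-class 7 in
 login local
!
! Verify after testing from R7 and from another router:
!   show access-lists 7
```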

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3