Re: user access-class

From: Ed Lui (edwlui@gmail.com)
Date: Mon Jul 11 2005 - 13:07:44 GMT-3

• Next message: cacca mucca: "RE: (Brian's) IE Lab15 Task 5.21"
• Previous message: Amit Jain: "(Brian's) IE Lab15 Task 5.21"
• Maybe in reply to: Gustavo Novais: "user access-class"
• Next in thread: De Witt, Duane: "RE: user access-class"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

George,
 That is exactly what I just found from the DocCD.
 Thanks,
Ed

 On 7/11/05, George Red <cisc0day@yahoo.it> wrote:
>
> The access-class on the username command is only in output.
> The access-class in line vty configuration is in input and output.
> HTH,
> George
>
> *Brian Lee <ipgirl@gmail.com>* ha scritto:
>
> Hi Ed,
>
> You can say it that way, but i still don't understand the meaning of the
> acl
> in user cmd ???
>
> B.L
>
> ----- Original Message -----
> From: "Ed Lui"
> To: "Gustavo Novais"
> Cc: "Peppe Monterosso (peppemon)" ;
>
> Sent: Saturday, July 09, 2005 3:42 AM
> Subject: Re: user access-class
>
>
> >I look at it a different way. Just not sure if it is exactly the task
> > ask(worded) you to do. The task says
> > "R7 can telnet into R8 to its s0/0 interface"
> > So I would create an access-list to allow only R7 telnet to R8, apply
> the
> > access-list on int s0/0. Then create the username and password, apply
> > login
> > local under vty 0 XXX.
> > HTH,
> > Ed Lui
> >
> > On 7/8/05, Gustavo Novais wrote:
> >>
> >> I understand... At the end that's what I did, but I think the essence
> of
> >> the question was to limit inbound connections by username and router.
> >> This username can only log to R8 if he comes from R7, not somewhere
> >> else.
> >>
> >> I checked the command and its purpose is to limit OUTBOUND connections
> >> from that user when he is logged on to the router R8.
> >>
> >> I think there's no way, without using tacacs to do this... Or is there?
> >>
> >> Thanks
> >>
> >> Gustavo
> >>
> >>
> >> -----Original Message-----
> >> From: Peppe Monterosso (peppemon) [mailto:peppemon@cisco.com]
> >> Sent: sexta-feira, 8 de Julho de 2005 20:27
> >> To: Gustavo Novais; ccielab@groupstudy.com
> >> Subject: RE: user access-class
> >>
> >> Gustavo,
> >> What I did was an access list applied to the vty 0 4. This is to allow
> >> just R7 to telnet, and then a normal username XXX password YYYY on R8
> >>
> >> Peppe
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> >> Gustavo Novais
> >> Sent: Friday, July 08, 2005 11:55 AM
> >> To: ccielab@groupstudy.com
> >> Subject: user access-class
> >>
> >> Hi group
> >>
> >> I'm having a doubt here....
> >>
> >> Task says to configure R8 so that R7 can telnet into R8 to its s0/0
> >> interface using username XXXX and password YYYY. No other routers or
> >> hosts should be able to telnet to R8 using the same username and
> >> password.
> >>
> >> To me it seems like configuring user XXXX access-class 100 password
> YYYY
> >> with access-list 100 allowing only source IP R7 and destination R8
> s0/0.
> >> I configured line vty 0 4 with login local.
> >>
> >> The thing is that it is not working!
> >>
> >> I go to other routers... and they also can login with that specific
> >> username\password, meaning the access-class is not working... (hum...
> >> should try logging.)
> >> am I missing something?
> >>
> >>
> >> config:
> >>
> >>
> >> username XXXX access-class 100 password YYYY
> >>
> >> access-list 100 permit ip host 200.0.0.7 <http://200.0.0.7/> host
> >> 150.50.5.2 <http://150.50.5.2/> access-list 100
> >> permit ip host 150.50.5.1 <http://150.50.5.1/> host
> > 150.50.5.2 <http://150.50.5.2/>
> >>
> >> line vty 0 4
> >> login local
> >> !
> >>
> >>
> >> TIA
> >>
> >> Gustavo
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ------------------------------
> *Yahoo!
Messenger*<http://us.rd.yahoo.com/mail_it/taglines/*http://it.beta.messenger.
yahoo.com>:
> chiamate gratuite in tutto il mondo

• Next message: cacca mucca: "RE: (Brian's) IE Lab15 Task 5.21"
• Previous message: Amit Jain: "(Brian's) IE Lab15 Task 5.21"
• Maybe in reply to: Gustavo Novais: "user access-class"
• Next in thread: De Witt, Duane: "RE: user access-class"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3