Re: user access-class

From: Godswill Oletu (oletu@inbox.lv)
Date: Tue Jul 12 2005 - 13:16:54 GMT-3


This should work fine for you...

R8#
interface serial 0/0
ip address 1.1.1.1 255.255.255.252
!
username De-Witt access-class 1 password 0 some-sleep-might-help
!
access-list 1 permit 1.1.1.2
!
line vty 0 4
login local
access-class 1 in
!

-----
Godswill Oletu

----- Original Message -----
From: "De Witt, Duane" <duane.dewitt@siemens.com>
To: "Ed Lui" <edwlui@gmail.com>; "George Red" <cisc0day@yahoo.it>
Cc: "Brian Lee" <ipgirl@gmail.com>; "Gustavo Novais"
<gustavo.novais@novabase.pt>; "Peppe Monterosso (peppemon)"
<peppemon@cisco.com>; <ccielab@groupstudy.com>
Sent: Tuesday, July 12, 2005 5:32 AM
Subject: RE: user access-class

> Hi
>
> So what is the end result of this?
>
> I mean according to IpExpert proctor guide the access-class associated
> with the username is the way to go, but clearly it doesn't work.
>
> What is the proctor solution to this?
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Ed Lui
> Sent: 11 July 2005 06:08 PM
> To: George Red
> Cc: Brian Lee; Gustavo Novais; Peppe Monterosso (peppemon);
> ccielab@groupstudy.com
> Subject: Re: user access-class
>
> George,
> That is exactly what I just found from the DocCD.
> Thanks,
> Ed
>
> On 7/11/05, George Red <cisc0day@yahoo.it> wrote:
>>
>> The access-class on the username command is only in output.
>> The access-class in line vty configuration is in input and output.
>> HTH,
>> George
>>
>> *Brian Lee <ipgirl@gmail.com>* wrote:
>>
>> Hi Ed,
>>
>> You can say it that way, but I still don't understand the meaning of the
>> acl in user cmd ???
>>
>> B.L
>>
>> ----- Original Message -----
>> From: "Ed Lui"
>> To: "Gustavo Novais"
>> Cc: "Peppe Monterosso (peppemon)" ;
>>
>> Sent: Saturday, July 09, 2005 3:42 AM
>> Subject: Re: user access-class
>>
>>
>> > I look at it a different way. Just not sure if it is exactly the task
>> > ask(worded) you to do. The task says
>> > "R7 can telnet into R8 to its s0/0 interface"
>> > So I would create an access-list to allow only R7 telnet to R8, apply the
>> > access-list on int s0/0. Then create the username and password, apply
>> > login local under vty 0 XXX.
>> > HTH,
>> > Ed Lui
>> >
>> > On 7/8/05, Gustavo Novais wrote:
>> >>
>> >> I understand... At the end that's what I did, but I think the essence of
>> >> the question was to limit inbound connections by username and router.
>> >> This username can only log to R8 if he comes from R7, not somewhere
>> >> else.
>> >>
>> >> I checked the command and its purpose is to limit OUTBOUND connections
>> >> from that user when he is logged on to the router R8.
>> >>
>> >> I think there's no way, without using tacacs to do this... Or is there?
>> >>
>> >> Thanks
>> >>
>> >> Gustavo
>> >>
>> >>
>> >> -----Original Message-----
>> >> From: Peppe Monterosso (peppemon) [mailto:peppemon@cisco.com]
>> >> Sent: Friday, 8 July 2005 20:27
>> >> To: Gustavo Novais; ccielab@groupstudy.com
>> >> Subject: RE: user access-class
>> >>
>> >> Gustavo,
>> >> What I did was an access list applied to the vty 0 4. This is to allow
>> >> just R7 to telnet, and then a normal username XXX password YYYY on R8
>> >>
>> >> Peppe
>> >>
>> >>
>> >>
>> >> -----Original Message-----
>> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> >> Gustavo Novais
>> >> Sent: Friday, July 08, 2005 11:55 AM
>> >> To: ccielab@groupstudy.com
>> >> Subject: user access-class
>> >>
>> >> Hi group
>> >>
>> >> I'm having a doubt here....
>> >>
>> >> Task says to configure R8 so that R7 can telnet into R8 to its s0/0
>> >> interface using username XXXX and password YYYY. No other routers or
>> >> hosts should be able to telnet to R8 using the same username and
>> >> password.
>> >>
>> >> To me it seems like configuring user XXXX access-class 100 password YYYY
>> >> with access-list 100 allowing only source IP R7 and destination R8 s0/0.
>> >> I configured line vty 0 4 with login local.
>> >>
>> >> The thing is that it is not working!
>> >>
>> >> I go to other routers... and they also can login with that specific
>> >> username\password, meaning the access-class is not working... (hum...
>> >> should try logging.)
>> >> Am I missing something?
>> >>
>> >>
>> >> config:
>> >>
>> >>
>> >> username XXXX access-class 100 password YYYY
>> >>
>> >> access-list 100 permit ip host 200.0.0.7 host 150.50.5.2
>> >> access-list 100 permit ip host 150.50.5.1 host 150.50.5.2
>> >>
>> >> line vty 0 4
>> >> login local
>> >> !
>> >>
>> >>
>> >> TIA
>> >>
>> >> Gustavo
>> >>
>> >>
> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html


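Added example (not part of any message in this thread): a small Python audit that encodes the behaviour described above, where the access-class on the username command covers only outbound sessions and the inbound filter has to be applied under line vty. The two sample configs are constructed from the configurations posted in the thread; `audit_vty` and its finding strings are hypothetical names.

```python
import re

# Constructed sample: the configuration from the original question.
SAMPLE_QUESTION = """\
username XXXX access-class 100 password YYYY
access-list 100 permit ip host 200.0.0.7 host 150.50.5.2
access-list 100 permit ip host 150.50.5.1 host 150.50.5.2
line vty 0 4
 login local
!
"""

# Constructed sample: the configuration from the reply at the top of the thread.
SAMPLE_REPLY = """\
username De-Witt access-class 1 password 0 some-sleep-might-help
access-list 1 permit 1.1.1.2
line vty 0 4
 login local
 access-class 1 in
!
"""

def audit_vty(config):
    # Hypothetical helper. Assumes a vty block runs from its 'line vty'
    # header to the next 'line' header or '!' separator.
    findings, current, vty = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("line "):
            current = line if line.startswith("line vty") else None
            if current:
                vty[current] = {"login_local": False, "acl_in": None}
        elif line == "!":
            current = None
        elif current:
            m = re.match(r"access-class (\S+) in\b", line)
            if m:
                vty[current]["acl_in"] = m.group(1)
            elif line == "login local":
                vty[current]["login_local"] = True
    user_acls = re.findall(r"^[ \t]*username (\S+) access-class (\S+)", config, re.M)
    for name, state in vty.items():
        if state["acl_in"] is None:
            findings.append(f"{name}: no inbound access-class on the line")
            if state["login_local"]:
                findings += [f"{name}: username {u} access-class {a} does not "
                             "filter inbound logins" for u, a in user_acls]
    return findings
```

The audit only checks that an inbound access-class is present on each vty block; it does not evaluate what the referenced access-list permits.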

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3