Dynamic access-list and lock and key issue

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Tue Aug 23 2005 - 12:42:21 GMT-3


Group -

Working with dynamic access-lists and lock and key, I am having an issue
with getting this to work properly.

Here is my config on R1:

interface Loopback0
 ip address 10.10.10.10 255.255.255.0
!
interface Serial0
 description Connection to S0 on R2
 ip address 192.168.2.1 255.255.255.0
 ip access-group 100 in
 no fair-queue
 clockrate 64000
!
router ospf 1
 log-adjacency-changes
 network 10.10.10.10 0.0.0.0 area 0
 network 192.168.2.0 0.0.0.255 area 0
 network 192.168.3.0 0.0.0.255 area 1
!
access-list 100 permit ospf any any
access-list 100 permit tcp any any eq telnet
access-list 100 dynamic mytest permit ip any any
!

R2 is connected to the serial port of R1. When I initiate a telnet to
the loopback address of R1, I get the following:

R2#10.10.10.10
Trying 10.10.10.10 ... Open

User Access Verification

Username: cisco
Password:
List#100-mytest already contains this IP address pair
[Connection to 10.10.10.10 closed by foreign host]

Furthermore, when I do a show access-list on R1, I get the following:

R1#sh ip access
Extended IP access list 100
    permit ospf any any (21 matches)
    permit tcp any any eq telnet (96 matches)
    Dynamic mytest permit ip any any
      permit ip any any

So, where is the connection that it says is already established? I even
tried to bounce the interfaces and can't seem to clear the mytest list.
Thoughts?

Dave
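
An added check, not part of the original post: it parses `show ip access-lists` output and reports every active temporary entry under a `Dynamic` template, marking whether the entry is limited to a single host. The first ACL in the sample is the output quoted in the post; the second ACL, its host address and the function name are constructed here for contrast.

```python
import re

# ACL 100 is the output quoted in the post; ACL 101 is a constructed
# example of a host-scoped temporary entry, added for contrast.
SAMPLE = """\
Extended IP access list 100
    permit ospf any any (21 matches)
    permit tcp any any eq telnet (96 matches)
    Dynamic mytest permit ip any any
      permit ip any any
Extended IP access list 101
    permit tcp any any eq telnet
    Dynamic labtest permit ip any any
      permit ip host 192.168.2.2 any (time left 280)
"""

HEADER = re.compile(r"^Extended IP access list (\S+)")
DYNAMIC = re.compile(r"^(\s+)Dynamic (\S+) (.+)$")


def audit_dynamic_entries(show_output):
    """Return (acl, dynamic_name, entry, host_scoped) per active temporary entry."""
    findings = []
    acl = name = None
    indent = 0
    for line in show_output.splitlines():
        if m := HEADER.match(line):
            acl, name = m.group(1), None
            continue
        if m := DYNAMIC.match(line):
            indent, name = len(m.group(1)), m.group(2)
            continue
        depth = len(line) - len(line.lstrip())
        if name and depth > indent and line.strip():
            # Line indented deeper than the template: an activated entry.
            entry = re.sub(r"\s*\(.*$", "", line.strip())  # drop counters/timers
            tokens = entry.split()  # action, protocol, source ...
            host_scoped = len(tokens) > 2 and tokens[2] != "any"
            findings.append((acl, name, entry, host_scoped))
        else:
            name = None  # back at template depth: an ordinary static entry
    return findings


if __name__ == "__main__":
    for acl, name, entry, scoped in audit_dynamic_entries(SAMPLE):
        status = "host-scoped" if scoped else "OPEN TO ANY SOURCE"
        print(f"ACL {acl} dynamic {name}: {entry} -> {status}")
```

A temporary entry whose source is `any` opens the interface to every source address, not only the user who authenticated. On IOS it is the `host` keyword of `access-enable` that narrows the entry to the authenticating address.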


