From: Lee Donald (Lee.Donald@t-systems.co.uk)
Date: Tue Aug 23 2005 - 12:58:04 GMT-3
Dave,
Have you got "autocommand access-enable [host] [timeout minutes]" under the
vty line?
Also you have to use a username and password together with the login local
function.
This doc should clear it up for you.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scflock.htm
Regards
Lee.
-----Original Message-----
From: Schulz, Dave [mailto:DSchulz@dpsciences.com]
Sent: 23 August 2005 16:42
To: ccielab@groupstudy.com
Subject: Dynamic access-list and lock and key issue
Group -
Working with dynamic access-lists and lock and key, I am having an issue
with getting this to work properly.
Here is my config on R1:
interface Loopback0
 ip address 10.10.10.10 255.255.255.0
!
interface Serial0
 description Connection to S0 on R2
 ip address 192.168.2.1 255.255.255.0
 ip access-group 100 in
 no fair-queue
 clockrate 64000
!
router ospf 1
 log-adjacency-changes
 network 10.10.10.10 0.0.0.0 area 0
 network 192.168.2.0 0.0.0.255 area 0
 network 192.168.3.0 0.0.0.255 area 1
!
access-list 100 permit ospf any any
access-list 100 permit tcp any any eq telnet
access-list 100 dynamic mytest permit ip any any
!
R2 is connected to the serial port of R1. When I initiate a telnet to
the loopback address of R1....I get the following.....
R2#10.10.10.10
Trying 10.10.10.10 ... Open
User Access Verification
Username: cisco
Password:
List#100-mytest already contains this IP address pair
[Connection to 10.10.10.10 closed by foreign host]
Furthermore, when I do a show access-list on R1, I get the following:
R1#sh ip access
Extended IP access list 100
permit ospf any any (21 matches)
permit tcp any any eq telnet (96 matches)
Dynamic mytest permit ip any any
permit ip any any
So, where is the connection that it says is already established? I even
tried to bounce the interfaces and can't seem to clear the mytest list.
Thoughts?
Dave
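
Added example (not part of either message above): a small Python check that an IOS configuration carries the lock-and-key pieces named in the reply (dynamic ACL entry, local username, "login local" and "autocommand access-enable" under line vty), and that flags a missing "host" keyword or a missing timeout. The username and vty lines and the password in the sample are constructed assumptions, since the post shows only the interface and ACL sections.

```python
import re

def parse_blocks(config):
    """Map each top-level IOS config line to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            blocks[current].append(line)
        else:
            current = line
            blocks[current] = []
    return blocks

def check_lock_and_key(config):
    """Return findings for missing lock-and-key pieces; empty list = complete."""
    blocks = parse_blocks(config)
    findings = []
    dynamic = [h for h in blocks if re.match(r"access-list \d+ dynamic \S+ ", h)]
    if not dynamic:
        findings.append("no dynamic access-list entry")
    if not any(re.match(r"username \S+ (password|secret) ", h) for h in blocks):
        findings.append("no local username with a password")
    vty = [cmds for h, cmds in blocks.items() if h.startswith("line vty")]
    if not any("login local" in cmds for cmds in vty):
        findings.append("no 'login local' under line vty")
    enable = [c for cmds in vty for c in cmds if c.startswith("autocommand access-enable")]
    if not enable:
        findings.append("no 'autocommand access-enable' under line vty")
    for cmd in enable:
        if "host" not in cmd.split():
            findings.append("access-enable without 'host': entry covers the whole template")
        # An idle timeout here or an absolute timeout on the dynamic entry is
        # needed, otherwise the temporary entry stays until removed by hand.
        if "timeout" not in cmd.split() and not any(" timeout " in d for d in dynamic):
            findings.append("no idle or absolute timeout: temporary entry never expires")
    return findings

# Constructed sample: the ACL from the post plus assumed username/vty lines.
ACL = "access-list 100 permit tcp any any eq telnet\naccess-list 100 dynamic mytest permit ip any any\n"
BEFORE = ACL + "username cisco password cisco\nline vty 0 4\n login local\n autocommand access-enable\n"
AFTER = BEFORE.replace("access-enable", "access-enable host timeout 10")

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, check_lock_and_key(cfg) or "ok")
```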