Re: Dynamic access-list and lock and key issue

From: Héctor Fernández (gnakh@telefonica.net)
Date: Tue Aug 23 2005 - 12:58:28 GMT-3

• Next message: Chris Lewis \(chrlewis\): "RE: ATT Bit"
• Previous message: Héctor Fernández: "Re: ISIS address rule question. IEWB"
• Maybe in reply to: Schulz, Dave: "Dynamic access-list and lock and key issue"
• Next in thread: Schulz, Dave: "RE: Dynamic access-list and lock and key issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Try show session and kill the one you had before...
I think that'll work

Hictor
----- Original Message -----
From: "Schulz, Dave" <DSchulz@dpsciences.com>
To: <ccielab@groupstudy.com>
Sent: Tuesday, August 23, 2005 5:42 PM
Subject: Dynamic access-list and lock and key issue

> Group -
>
> Working with dynamic access-lists and lock and key, I am having an issue
> with getting this to work properly.
>
> Here is my config on R1:
>
> Interface Loopback0
> Ip address 10.10.10.10 255.255.255.0
> !
> interface Serial0
> description Connection to S0 on R2
> ip address 192.168.2.1 255.255.255.0
> ip access-group 100 in
> no fair-queue
> clockrate 64000
> !
> router ospf 1
> log-adjacency-changes
> network 10.10.10.10 0.0.0.0 area 0
> network 192.168.2.0 0.0.0.255 area 0
> network 192.168.3.0 0.0.0.255 area 1
> !
> access-list 100 permit ospf any any
> access-list 100 permit tcp any any eq telnet
> access-list 100 dynamic mytest permit ip any any
> !
>
> R2 is connected to the serial port of R1. When I initiate a telnet to
> the loopback address of R1....I get the following.....
>
> R2#10.10.10.10
> Trying 10.10.10.10 ... Open
>
>
> User Access Verification
>
> Username: cisco
> Password:
> List#100-mytest already contains this IP address pair
> [Connection to 10.10.10.10 closed by foreign host]
>
> Furthermore, when I do a show access-list on R1, I get the following:
>
> R1#sh ip access
> Extended IP access list 100
> permit ospf any any (21 matches)
> permit tcp any any eq telnet (96 matches)
> Dynamic mytest permit ip any any
> permit ip any any
>
>
> So, where the connection that it says is already established. I even
> tried to bounce the interfaces and can't seem to clear the mytest list.
> Thoughts?
>
> Dave
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Chris Lewis \(chrlewis\): "RE: ATT Bit"
• Previous message: Héctor Fernández: "Re: ISIS address rule question. IEWB"
• Maybe in reply to: Schulz, Dave: "Dynamic access-list and lock and key issue"
• Next in thread: Schulz, Dave: "RE: Dynamic access-list and lock and key issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3