From: Ali.Huang (zero5291@gmail.com)
Date: Thu Aug 25 2005 - 03:00:15 GMT-3
Hi, group,
When I look at the example of Lock and Key, I am confused by it. Please see the example:
username test password 0 test
username test autocommand access-enable host timeout 10
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group 101 in
access-list 101 permit tcp any host 10.1.1.1 eq telnet
access-list 101 dynamic testlist timeout 15 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
line vty 0 4
 login local
It is from the following link:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#lockandkey
The result: After the user at 10.1.1.2 makes a Telnet connection to
10.1.1.1, the dynamic ACL is applied. The connection is then dropped,
and the user can go to the 172.16.1.x network.
From this, I know it seems as if only telnet traffic can trigger the
dynamic ACLs. If he passes the authentication, he can access other
resources.
But if it is a transmit router, not an edge router, and I want to permit
other traffic from other users and use this feature, how do I do it?
If I add another last clause, access-list 101 permit ip any any, can it work?
-- THX. Ali.huang
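
Added example, not part of the original post or of the Cisco tech note: a small Python model of first-match evaluation of ACL 101, comparing the trailing "permit ip any any" asked about above with a constructed alternative that places a deny for the 172.16.1.0/24 destination before it. The tuple layout, the function names and the 192.0.2.10 test destination are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
ROUTER = ip_network("10.1.1.1/32")
PROTECTED = ip_network("172.16.1.0/24")  # destination of the dynamic entry

def build_acl(authenticated, tail=()):
    """ACL 101 as ordered (action, proto, src, dst, dst_port) entries."""
    acl = [("permit", "tcp", ANY, ROUTER, 23)]
    # Temporary entries appear at the position of the 'dynamic testlist' line.
    # With 'access-enable host' the source is the authenticating host only.
    for host in authenticated:
        acl.append(("permit", "ip", ip_network(f"{host}/32"), PROTECTED, None))
    acl.extend(tail)
    return acl

def permitted(acl, proto, src, dst, dport=None):
    """First match wins; no match falls through to the implicit deny."""
    for action, e_proto, e_src, e_dst, e_port in acl:
        if e_proto not in ("ip", proto):
            continue
        if ip_address(src) not in e_src or ip_address(dst) not in e_dst:
            continue
        if e_port is not None and e_port != dport:
            continue
        return action == "permit"
    return False

# Tail asked about in the post.
PERMIT_ANY = [("permit", "ip", ANY, ANY, None)]
# Constructed alternative: protected network stays closed until authentication.
DENY_THEN_PERMIT = [("deny", "ip", ANY, PROTECTED, None)] + PERMIT_ANY

if __name__ == "__main__":
    # Constructed flows: 10.1.1.2 has authenticated over Telnet, 10.1.1.3 has not.
    flows = [("10.1.1.2", "172.16.1.5"), ("10.1.1.3", "172.16.1.5"),
             ("10.1.1.3", "192.0.2.10")]
    tails = [("original", ()), ("permit any", PERMIT_ANY),
             ("deny+permit", DENY_THEN_PERMIT)]
    for name, tail in tails:
        acl = build_acl(["10.1.1.2"], tail)
        for src, dst in flows:
            ok = permitted(acl, "tcp", src, dst, 80)
            print(f"{name:12} {src} -> {dst}: {'permit' if ok else 'deny'}")
```

In the model, a bare trailing permit lets the unauthenticated host 10.1.1.3 reach 172.16.1.x, while the deny-then-permit tail passes other transit traffic and still requires the Telnet authentication for that network.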