Re: Limitation in Lock-and-Key Configuration in IOS 12.3??

From: Mushtaq A. Khan (mak.ccie2b@gmail.com)
Date: Fri Mar 17 2006 - 19:50:53 GMT-3


Dave,

You are right, the router took the command when I typed it in. It is strange.
Anyway, I have another issue: even though I have both the idle and
absolute timeouts configured, when I try to open a telnet session from the
switch, the first session gets dropped, which is expected, but when I try it
a second time I get the following message.

*% List#LOCK_KEY-MYACL already contains this IP address pair*

I tried it a couple of times but no luck.
I remember seeing a similar issue with someone in a groupstudy posting, but
in my case it is not working.

SW2#172.16.8.1
Trying 172.16.8.1 ... Open

User Access Verification

Username: test
Password:
[Connection to 172.16.8.1 closed by foreign host]
SW2#
Rack01TS#1
[Resuming connection 1 to r1 ... ]

R1#sh ip access | beg LOCK
Extended IP access list LOCK_KEY
    10 permit tcp 172.16.8.0 0.0.0.255 host 172.16.8.1 eq telnet (81 matches)
    15 permit ip 172.16.8.0 0.0.0.255 any (21 matches)
    20 Dynamic MYACL permit tcp 172.16.8.0 0.0.0.255 any eq telnet
       permit tcp host 172.16.8.8 any eq telnet

SW2#172.16.8.1
Trying 172.16.8.1 ... Open

User Access Verification

Username: test
Password:
*% List#LOCK_KEY-MYACL already contains this IP address pair*
[Connection to 172.16.8.1 closed by foreign host]
SW2#
Rack01TS#1
[Resuming connection 1 to r1 ... ]

R1#sh ip access | beg LOCK
Extended IP access list LOCK_KEY
    10 permit tcp 172.16.8.0 0.0.0.255 host 172.16.8.1 eq telnet (153 matches)
    15 permit ip 172.16.8.0 0.0.0.255 any (27 matches)
    20 Dynamic MYACL permit tcp 172.16.8.0 0.0.0.255 any eq telnet
       permit tcp host 172.16.8.8 any eq telnet

Router Configurations:

R1#sh run | inc username
username test password 0 cisco
username test autocommand access-enable host *timeout 5*

R1#sh ip access | beg LOCK
Extended IP access list LOCK_KEY
    10 permit tcp 172.16.8.0 0.0.0.255 host 172.16.8.1 eq telnet
    15 permit ip 172.16.8.0 0.0.0.255 any (1 match)
    20 Dynamic MYACL permit tcp 172.16.8.0 0.0.0.255 any eq telnet

R1#sh run | beg vty
line vty 0 4
 login local

TIA

 Mushtaq

On 3/17/06, Schulz, Dave <DSchulz@dpsciences.com> wrote:
>
> This should work. However, I have noticed that some of the 12.2
> versions do not show the autocommand access-enable timeout when you do a
> ?. But, it is in there. Go ahead and try it. (similar to the ip pim
> autorp listener command)
>
>
> Dave Schulz,
> Email: dschulz@dpsciences.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Mushtaq A. Khan
> Sent: Friday, March 17, 2006 3:27 PM
> To: Cisco certification
> Subject: Limitation in Lock-and-Key Configuration in IOS 12.3??
>
> All,
>
> I am having trouble setting the idle timeout with the *timeout* keyword in
> the *access-enable* command in the *autocommand* command. Is this an IOS
> limitation? I checked the DOC CD for 12.3 configuration and it sounds like
> it should be supported.
>
> Am I missing anything here? Can anyone shed some light on this? Is there a
> way I can achieve my goal as mentioned above?
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scflock.htm#wp1001063
>
> R1(config)#username test autocommand ?
> LINE Command to be automatically issued after the user logs in
>
> R1(config-line)#autocommand ?
> LINE Appropriate EXEC command
> no-suppress-linenumber Display service linenumber message
>
>
>
> R1#sh ver
> Cisco Internetwork Operating System Software
> IOS (tm) C2600 Software (C2600-ADVENTERPRISEK9-M), Version 12.3(5a), RELEASE SOFTWARE (fc1)
> Copyright (c) 1986-2003 by cisco Systems, Inc.
> Compiled Tue 25-Nov-03 06:00 by kellythw
> Image text-base: 0x80008098, data-base: 0x81FFCCD8
>
> ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)
>
> R1 uptime is 3 days, 5 hours, 36 minutes
> System returned to ROM by reload
> System restarted at 02:19:26 UTC Tue Mar 14 2006
> System image file is "flash:c2600-adventerprisek9-mz.123-5a.bin"
>
> [....]
>
>
>
> TIA,
>
> Mushtaq
>
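
Added example, not part of the original thread and not Cisco tooling: a small parser over the `show ip access-lists` output quoted in the message above that lists the temporary entries currently installed under each `Dynamic` template, so you can see which source hosts already hold an opening in `LOCK_KEY` / `MYACL`. The function names are hypothetical, and the sample text is the thread's output with the wrapped line joined.

```python
import re

# Constructed sample: the "show ip access-lists" output quoted in the thread,
# with the wrapped "(153 matches)" line joined.
SAMPLE = """\
Extended IP access list LOCK_KEY
    10 permit tcp 172.16.8.0 0.0.0.255 host 172.16.8.1 eq telnet (153 matches)
    15 permit ip 172.16.8.0 0.0.0.255 any (27 matches)
    20 Dynamic MYACL permit tcp 172.16.8.0 0.0.0.255 any eq telnet
       permit tcp host 172.16.8.8 any eq telnet
"""

ACL_RE = re.compile(r"^(?:Extended|Standard) IP access list (\S+)")
DYN_RE = re.compile(r"^\s+\d+ Dynamic (\S+) ")
SEQ_RE = re.compile(r"^\s+\d+ ")
HOST_RE = re.compile(r"\bhost (\d+\.\d+\.\d+\.\d+)")


def dynamic_entries(show_output):
    """Return {(acl_name, dynamic_name): [temporary entry lines]}."""
    result = {}
    acl = current = None
    for line in show_output.splitlines():
        m = ACL_RE.match(line)
        if m:
            acl, current = m.group(1), None
            continue
        m = DYN_RE.match(line)
        if m:
            current = (acl, m.group(1))
            result[current] = []
        elif SEQ_RE.match(line):
            current = None  # an ordinary numbered entry ends the dynamic block
        elif current and line.strip():
            # Unnumbered, indented line under a Dynamic template: a temporary entry.
            result[current].append(line.strip())
    return result


def hosts_with_open_entry(show_output, acl, dynamic_name):
    """Source hosts that already hold a temporary entry in the given dynamic list."""
    entries = dynamic_entries(show_output).get((acl, dynamic_name), [])
    found = (HOST_RE.search(e) for e in entries)
    return [m.group(1) for m in found if m]


if __name__ == "__main__":
    print(hosts_with_open_entry(SAMPLE, "LOCK_KEY", "MYACL"))
```
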



This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:39 GMT-3