Lock & Key Configuration issue

From: Mushtaq A. Khan (mak.ccie2b@gmail.com)
Date: Fri Mar 17 2006 - 20:50:05 GMT-3


All,
I have an issue: even though I have both the idle and absolute timeouts
configured, when I try to open a telnet session from the switch, the first
session gets dropped, which is expected, but when I try it a second time I get
the following message.

*% List#108-MYACL already contains this IP address pair*

I tried it a couple of times and manually cleared the dynamic ACL using "clear
access-template 108 MYACL host 172.16.8.8 any", but no luck so far.
I remember seeing a similar issue with someone in a groupstudy posting, but
in my case it is not working.

SW2#172.16.8.1
Trying 172.16.8.1 ... Open

User Access Verification

Username: test
Password:
[Connection to 172.16.8.1 closed by foreign host]
SW2#
Rack01TS#1
[Resuming connection 1 to r1 ... ]

R1#sh ip access | beg 108

Extended IP access list 108
    10 permit tcp 172.16.8.0 0.0.0.255 host 172.16.8.1 eq telnet (81 matches)
    15 permit ip 172.16.8.0 0.0.0.255 any (21 matches)
    20 Dynamic MYACL permit tcp 172.16.8.0 0.0.0.255 any eq telnet
       permit tcp host 172.16.8.8 any eq telnet

SW2#172.16.8.1
Trying 172.16.8.1 ... Open

User Access Verification

Username: test
Password:
*% List#108-MYACL already contains this IP address pair*
[Connection to 172.16.8.1 closed by foreign host]
SW2#
Rack01TS#1
[Resuming connection 1 to r1 ... ]

R1#sh ip access | beg 108
Extended IP access list 108
    10 permit tcp 172.16.8.0 0.0.0.255 host 172.16.8.1 eq telnet (153 matches)
    15 permit ip 172.16.8.0 0.0.0.255 any (27 matches)
    20 Dynamic MYACL permit tcp 172.16.8.0 0.0.0.255 any eq telnet
       permit tcp host 172.16.8.8 any eq telnet

Router Configurations:

R1#sh run | inc username
username test password 0 cisco
username test autocommand access-enable host *timeout 5*

R1#sh ip access | beg 108
Extended IP access list 108
    10 permit tcp 172.16.8.0 0.0.0.255 host 172.16.8.1 eq telnet
    15 permit ip 172.16.8.0 0.0.0.255 any (1 match)
    20 Dynamic MYACL permit tcp 172.16.8.0 0.0.0.255 any eq telnet

R1#sh run | beg vty
line vty 0 4
 login local

TIA

 Mushtaq


