username command with access-class

From: Jon Hein (gs@dfwmall.net)
Date: Sun Jul 09 2006 - 12:32:16 ART

• Next message: Jon Hein: "[Fwd: Re: EIGRP router-id]"
• Previous message: Carlos G Mendioroz: "Re: IPV6 nat support"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Is it possible to restrict Admin A to log into a router only from Subnet
1, and Admin B to log in to a router only from Subnet 2?

I have tried using access-group on the username command but it seems to
have no effect. I am able to log in with either user account, on any
subnet, and my access-lists show no matches.

If I place the access-class command on the vty lines, it restricts traffic
from the particular addresses and I can log in, but doesn't allow
differentiation by individual users.

username AdminA access-class 1 password cisco1
username AdminB access-class 2 password cisco2

access-list 1 permit 1.1.1.0 0.0.0.255
access-list 2 permit 2.2.2.0 0.0.0.255

vty 0 4
  login local

• Next message: Jon Hein: "[Fwd: Re: EIGRP router-id]"
• Previous message: Carlos G Mendioroz: "Re: IPV6 nat support"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:47 ART