From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Thu Aug 24 2006 - 15:27:33 ART
How's it going, Andy..

What I found is that the username access-class command limits telnet
connections out of that box when logged in with that username.

Example:

I have R3 and R4 connected over the Ethernet and I'm using EIGRP between the
2 to pass network information.

 Lo0            Lo0 4.4.4.4
 R3             R4
 ---------------

The configuration at R3 looks like this:

username test access-class 1 password 0 test
access-list 1 permit 4.4.4.4
line vty 0 4
 login local

So now if the user TEST telnets to R3 he could only telnet to R4 loopback 0.

Username: test
Password:
R3>telnet 4.4.4.4
Trying 4.4.4.4 ...
% Connections to that host not permitted from this terminal
R3>exit
[Connection to 4.4.3.3 closed by foreign host]
R3#
R3#show access-list 1
Standard IP access list 1
20 permit 3.3.3.3 (1 match)
10 deny any (3 matches)
R3#conf te
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#access-list 1 permit 4.4.4.4
R3(config)#^Z
R3#show access-list 1
*Mar 1 03:10:44.263: %SYS-5-CONFIG_I: Configured from console by console
R3#telnet 3.3.3.3
Trying 3.3.3.3 ... Open
User Access Verification
Username: test
Password:
R3>telnet 4.4.4.4
Trying 4.4.4.4 ... Open
User Access Verification
Username: test
Password:
% Login invalid
HTH
Victor,.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of
Anderson Mota Alves
Sent: Thursday, August 24, 2006 01:13 p.m.
To: ccielab@groupstudy.com
CC: swm@emanon.com
Subject: Username with access-class (Someone please help me out)

Hi guys, I'm facing the same problem, or at least trying to configure
something that Gustavo Novais tried a year ago in this Group Study. I was
looking for a possible solution or some pointers and I found the link
below, but using the same question as his I can't get this working. Scott,
I'm also copying you to see if you could kindly help me on this issue.

http://www.groupstudy.com/archives/ccielab/200507/msg00335.html

The only thing I changed from his config is that I'm using a standard ACL,
since I saw that the line VTY doesn't work very well with extended ACLs. So
basically I would like to limit that only the router with the source
192.168.1.1 can telnet to R4 using the username test; all other routers
should use username cisco.

R4 config:

username cisco password cisco
username test access-class 100 password test
username test autocommand show ip interface brief
access-list 80 permit 192.168.1.1
line vty 0 4
 login local

Thanks everybody, Andy
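
Added example, not part of the thread or either poster's configuration: a Python check that resolves each `username ... access-class N` line to ACL N in the same config and evaluates a telnet destination against it, following the outbound-filter behaviour described in the reply. The inputs are constructed from the two configs quoted above; the function names and the config-order, first-match evaluation of standard ACL entries are assumptions of this example.

```python
import re
from ipaddress import ip_address

# Constructed inputs: the R4 lines from the question, the R3 lines from the reply.
R4_CONFIG = """\
username cisco password cisco
username test access-class 100 password test
username test autocommand show ip interface brief
access-list 80 permit 192.168.1.1
line vty 0 4
 login local
"""
R3_CONFIG = """\
username test access-class 1 password 0 test
access-list 1 permit 4.4.4.4
line vty 0 4
 login local
"""

USER_RE = re.compile(r"^username (\S+) access-class (\d+)\b", re.M)
# Standard-ACL entries only: "access-list N permit|deny ADDR [WILDCARD]" or "any".
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (\S+)(?: (\S+))?", re.M)

def parse_acls(config):
    """Return {acl_number: [(action, addr_int, wildcard_int), ...]} in config order."""
    acls = {}
    for num, action, addr, wild in ACL_RE.findall(config):
        if addr == "any":
            entry = (action, 0, 0xFFFFFFFF)
        else:
            w = int(ip_address(wild)) if wild else 0  # no wildcard = single host
            entry = (action, int(ip_address(addr)), w)
        acls.setdefault(int(num), []).append(entry)
    return acls

def permitted(acl, dst):
    """First match wins (assumed order); falling off the end is the implicit deny."""
    d = int(ip_address(dst))
    for action, addr, wild in acl:
        if ((d ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

def audit(config):
    """Map each user with an access-class to its ACL entries, or None if undefined."""
    acls = parse_acls(config)
    return {user: acls.get(int(num)) for user, num in USER_RE.findall(config)}

if __name__ == "__main__":
    for name, cfg in (("R4", R4_CONFIG), ("R3", R3_CONFIG)):
        for user, acl in audit(cfg).items():
            print(name, user, "ACL not defined" if acl is None else acl)
```

A `None` result means the username references an ACL number that the same configuration never defines, which is worth checking before testing the restriction itself.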
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:58 ART