From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Sun Oct 01 2006 - 08:56:01 ART
Hi,
Have you tried to see whether, when logged in, user CCIE can make telnet
sessions?
I remember us discussing this previously on GS, and the conclusion we
got was that user access-class limited outbound telnet sessions for that
user, on that particular router.
Check doccd on
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hsec_r/sec_t1h.htm#wp1184201
Gustavo Novais
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Robert Watson
Sent: Sunday, October 1, 2006 1:38
To: ccielab@groupstudy.com
Subject: Username X access-class feature broken?
Testing the following scenario
Access-list 101 permit tcp host 131.1.1.5 any eq telnet
When I apply the acl to line vty 0 4
Works as expected: only a telnet session from 131.1.1.5 is allowed to log in
When I apply the acl to username
username CCIE access-class 101 password 0 TEST
Anyone and their cute sister can get in via uname CCIE
Am I doing something wrong here? Do you have to enable aaa for the
access-class feature to work?
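
The two placements discussed in this thread, side by side, as an added configuration example that is not from either poster: the line-level `access-class ... in` filters who may connect to the VTYs, while the per-user `access-class` is an outgoing list applied for the duration of that user's session, as the reply describes. ACL 10 and the destination 192.0.2.10 are constructed for illustration, and `login local` is assumed as the way the local username database is consulted.

```cisco
! Added example, not part of the original thread.
! ACL 10 and host 192.0.2.10 are constructed values for illustration.
!
! --- 1) Restrict WHO may open a VTY session (source filtering) ---
! ACL 101 is the one from the original post.
access-list 101 permit tcp host 131.1.1.5 any eq telnet
!
line vty 0 4
 ! Inbound: evaluated when the TCP connection arrives, before any
 ! username prompt, so it applies to every account on the line.
 access-class 101 in
 ! Assumption: authenticate against the local username database.
 login local
!
! --- 2) Restrict WHERE user CCIE may telnet to after logging in ---
! Standard ACL: the address matched is the destination of the
! outbound session started from this router.
access-list 10 permit host 192.0.2.10
!
! Per-user outgoing list. It does not filter the source address of
! the login itself, which is why applying ACL 101 here alone lets
! any host log in as CCIE.
username CCIE access-class 10 password 0 TEST
!
! --- Expected behaviour with both pieces in place ---
! From 131.1.1.5 : VTY connection accepted, CCIE can log in.
! From other host: connection refused by the line access-class.
! Logged in as CCIE: telnet 192.0.2.10 permitted, other
!                    destinations denied by ACL 10.
```

To verify, log in as CCIE from the permitted host and attempt outbound telnet sessions to a permitted and a non-permitted destination, then repeat the login attempt from a host outside ACL 101.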
This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:03 ART