From: Angelo De Guzman (a.deguzman@wesolv.ph.fujitsu.com)
Date: Mon Oct 02 2006 - 00:01:00 ART
You may want to add other host IP of your other routers as well to your inbound
ACL if that is what you wanted to do. This way if they will telnet to R7 and
knows the local username at R7 they will be allowed as well. This breaks your
original posts.
>>The question quotes "R6 is allowed to telnet to R7 ONLY with username R6
>>password cisco".
Anyway I dont have any other methods on how to allow only telnet from certain
hosts except for the inbound access class on the VTY. I am thinking of putting
extended ACL's on your incoming interface but this would complicate things.
Maybe the group has other methods.
Chee Chew Leong (10/2/06 10:49 AM):
>
>This would restrict other users from telneting to R7 as well. This will
>cause over restricted.
>
>Is there a method on R7 that can limit a user coming in from certain
>source ip?
>
>
>
>
>
>
>"Angelo De Guzman" <a.deguzman@wesolv.ph.fujitsu.com>
>Sent by: nobody@groupstudy.com
>10/02/2006 10:18 AM
>Please respond to
>"Angelo De Guzman" <a.deguzman@wesolv.ph.fujitsu.com>
>
>
>To
>ccielab@groupstudy.com
>cc
>
>Subject
>Re(2):restrict telnet access from source network
>
>
>
>
>
>
>Hi,
>
> Do an inbound ACL at R7 for all the VTY's permitting only the host IP
>address
>of R6. Then use local database for the username.
>
>Angelo
>
>Chee Chew Leong (10/2/06 10:11 AM):
>>
>>But, how to do inbound access-class per user on R7?
>>
>>
>>
>>
>>
>>"Angelo De Guzman" <a.deguzman@wesolv.ph.fujitsu.com>
>>Sent by: nobody@groupstudy.com
>>10/02/2006 09:29 AM
>>Please respond to
>>"Angelo De Guzman" <a.deguzman@wesolv.ph.fujitsu.com>
>>
>>
>>To
>>ccielab@groupstudy.com
>>cc
>>
>>Subject
>>Re:restrict telnet access from source network
>>
>>
>>
>>
>>
>>
>>AFAIK. I think youre interpretation is okay.
>>
>>Chee Chew Leong (10/2/06 9:08 AM):
>>>
>>>The question quotes "R6 is allowed to telnet to R7 ONLY with username R6
>>>password cisco".
>>>
>>>The way I interprete this question is that we have to configure R7 to
>>>limit a local configured username 'R6' on R7. The telnet only allow from
>>>any of the IPs belongs to R6 when using username 'R6'.
>>>
>>>
>>>I need your opinion should my interpretation correct or how to configure
>>>this.
>>>
>>>_______________________________________________________________________
>>>Subscription information may be found at:
>>>http://www.groupstudy.com/list/CCIELab.html
>>>
>>>***********************
>>>No virus was detected in the attachment no filename
>>>
>>>Your mail has been scanned by InterScan MSS.
>>>***********-***********
>>>
>>
>>
>>
>>***********************
>>No virus was detected in the attachment no filename
>>
>>Your mail has been scanned by InterScan MSS.
>>***********-***********
>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>>
>>***********************
>>No virus was detected in the attachment no filename
>>
>>Your mail has been scanned by InterScan MSS.
>>***********-***********
>>
>
>
>
>***********************
>No virus was detected in the attachment no filename
>
>Your mail has been scanned by InterScan MSS.
>***********-***********
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>
>
>***********************
>No virus was detected in the attachment no filename
>No virus was detected in the attachment no filename
>
>Your mail has been scanned by InterScan MSS.
>***********-***********
>
***********************
No virus was detected in the attachment no filename
Your mail has been scanned by InterScan MSS.
***********-***********
This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:03 ART