From: Robert Jones (trevelle@wowway.com)
Date: Wed Oct 11 2006 - 22:23:21 ART
Thx. Do I telnet to the router and log in as CLI and then telnet to get to
the switch?
-----Original Message-----
From: Brian Dennis [mailto:bdennis@internetworkexpert.com]
Sent: Sunday, October 15, 2006 11:27 PM
To: trevelle@wowway.com; ccielab@groupstudy.com
Subject: RE: IWEB-RS/Internetwork Expert LAB 6 9.2
You need to clear the "access template" when you want to retest your
configuration. The error message is referring to the fact that the dynamic
ACL entry already exists.
To remove a dynamic ACL entry you will need to use the "clear
access-template" command. The options in the "clear access-template"
command need to match what is in the dynamic ACL. The "?" doesn't give
you the help you would expect with the "clear access-template" command.
Remember to just type a command out if you think the option should take
even if it doesn't show up with the "?". This is just one of the many
commands that do not show up properly, or in some cases at all, with the "?".
Here is an example of how to clear a dynamic ACL:
Rack4R1#sho access-list
Extended IP access list 100
    10 permit tcp any any eq telnet (26 matches)
    20 Dynamic LOCK_KEY permit icmp any any echo
       permit icmp host 1.1.1.2 any echo
    30 deny ip any any (36 matches)
Rack4R1#
Rack4R1#clear access-template 100 LOCK_KEY host 1.1.1.2 any
Rack4R1#sho access-list
Extended IP access list 100
    10 permit tcp any any eq telnet (26 matches)
    20 Dynamic LOCK_KEY permit icmp any any echo
    30 deny ip any any (66 matches)
Rack4R1#
HTH,
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
trevelle@wowway.com
Sent: Sunday, October 15, 2006 6:24 PM
To: ccielab@groupstudy.com
Subject: IWEB-RS/Internetwork Expert LAB 6 9.2
Lab 6 exercise 9.2 traffic filtering states that users must authenticate
through router 2 before they can access sw1. I am able to access sw1
after entering the following commands. Can someone please tell me what
I am missing? Any suggestions will be greatly appreciated.
This is the error that I receive when I try to log in as TELNET:
Username: TELNET
Password:
List#DYNAMIC-PERMIT_TELNET already contains this IP address pair
[Connection to 150.1.2.2 closed by foreign host]
R2
username CLI password 0 CISCO
username TELNET password 0 CISCO
username TELNET autocommand access-enable timeout 5
ip access-list extended DYNAMIC
 dynamic PERMIT_TELNET permit tcp any any eq telnet
 deny tcp any host 191.1.27.7 eq telnet
 deny tcp any host 191.1.7.7 eq telnet
 deny tcp any host 191.1.77.7 eq telnet
 deny tcp any host 191.1.177.7 eq telnet
 deny tcp any host 150.1.7.7 eq telnet
 permit ip any any
username TELNET autocommand access-enable timeout 5
interface Serial0/1
 ip address 191.1.23.2 255.255.255.0
 ip access-group DYNAMIC in
interface Serial0/0
 ip address 191.1.125.2 255.255.255.0
 ip access-group DYNAMIC in
password cisco
line vty 0 4
 login local
This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:05 ART
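
The reply above notes that the options given to "clear access-template" have to match what is in the dynamic ACL. The following is an added example, not part of the original thread: a Python helper that reads "show access-list" output and builds the matching clear command for each temporary entry. The function names and the sample output are constructed for illustration, and it assumes temporary entries appear unnumbered directly under their "Dynamic" template line, as in the quoted output.

```python
import re

# Constructed sample in the shape of the "show access-list" output quoted in the thread.
SAMPLE = """\
Extended IP access list 100
    10 permit tcp any any eq telnet (26 matches)
    20 Dynamic LOCK_KEY permit icmp any any echo
       permit icmp host 1.1.1.2 any echo
       permit icmp host 1.1.1.3 any echo (4 matches)
    30 deny ip any any (36 matches)
"""

HEADER = re.compile(r"^\s*(?:Extended|Standard) IP access list (\S+)")
DYNAMIC = re.compile(r"^\s*(?:\d+\s+)?Dynamic\s+(\S+)\s")
TEMP = re.compile(r"^\s*(?:permit|deny)\s+\S+\s+(.*)$")  # entry with no sequence number
PORT_OPS = {"eq", "neq", "gt", "lt", "range"}

def take_addr(tokens):
    """Pop one address spec off the list: 'any', 'host A' or 'A WILDCARD'."""
    width = 1 if tokens[:1] == ["any"] else 2
    if len(tokens) < width:
        raise ValueError("truncated access-list entry")
    spec = tokens[:width]
    del tokens[:width]
    return spec

def skip_ports(tokens):
    """Drop a source-port match such as 'eq 23' or 'range 1 5'."""
    if tokens and tokens[0] in PORT_OPS:
        del tokens[: 3 if tokens[0] == "range" else 2]

def clear_commands(show_output):
    """Return one 'clear access-template' command per temporary entry."""
    cmds, acl, dyn = [], None, None
    for line in show_output.splitlines():
        if m := HEADER.match(line):
            acl, dyn = m.group(1), None          # new ACL: list number or name
        elif m := DYNAMIC.match(line):
            dyn = m.group(1)                     # template name, e.g. LOCK_KEY
        elif dyn and (m := TEMP.match(line)):
            tokens = m.group(1).split()          # everything after the protocol
            src = take_addr(tokens)
            skip_ports(tokens)
            dst = take_addr(tokens)
            cmds.append(" ".join(["clear access-template", acl, dyn, *src, *dst]))
        else:
            dyn = None  # a numbered static entry ends the template's block
    return cmds

if __name__ == "__main__":
    print("\n".join(clear_commands(SAMPLE)))
```

Only the source and destination are passed to the clear command, following the form used in the reply; ports and match counters in the entry are ignored.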