Re: Lab do and dont's..VTY access

From: John (jgarrison1@austin.rr.com)
Date: Tue Jun 10 2008 - 20:12:40 ART


My guess is this is from an IE lab. There's a second requirement to
configure another user with telnet privileges to the switch. The lock and
key denies that user, so you have to split the lines. IE does it VTY 0 for
user RDP and VTY 1 4 for the other user. The point of the exercise is to
show that if you need to give access to "different" users you can "split"
the vty ports and apply different configurations to them, or if you want one
user coming in on port 23 and others on 2023 etc...

Hope that helps
----- Original Message -----
From: "CCIE3000" <ccie3000@googlemail.com>
To: "Rich Collins" <nilsi2002@gmail.com>
Cc: "seyfert ." <seyfert22@googlemail.com>; "Cisco certification"
<ccielab@groupstudy.com>; "SAM Meng Wai" <mwsam@starhub.com>
Sent: Tuesday, June 10, 2008 3:07 PM
Subject: Re: Lab do and dont's..VTY access

> Sorry, seeing Tony's email and reading back again, I hadn't seen the bit.
>
> before he can access server x.x.x.x
>
> Are you talking about Reflexive Access list (lock and key) ?
>
> If so this may help you:
>
> Defines one or more virtual terminal (VTY) ports and enters line
> configuration mode. If you specify multiple VTY ports, they must all be
> configured identically because the software hunts for available VTY ports
> on a round-robin basis. If you do not want to configure all your VTY ports
> for lock-and-key access, you can specify a group of VTY ports for
> lock-and-key support only.
>
> Taken from
> http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_lock_key_secrty_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1000993
>
>
> As for Tony, I'm guessing, you mean my comment about the lab having
> something to do with reality.
>
> I'm guessing as your one liner was a little cryptic. In fact one could
> take it as a bit of a smart arse comment....but hey....your comment
> definitely helped out the OP so good for you....
>
> There is quite a chunk that doesn't really, because quite often you are
> told to do something and then told that you are not allowed to use the
> command that every man and his dog would use to complete the task. Which
> in reality is the command that you would use.
>
> But then again, if it was more straightforward we'd all be passing and
> the CCIE wouldn't be so worthwhile.
>
> As for the OP, if you still have any questions regarding this matter, ask
> away, I'm sure between us all here we'll get to the bottom of it.
>
> On 6/10/08, Rich Collins <nilsi2002@gmail.com> wrote:
>>
>> It would probably just change vty 0. You better configure by typing
>> "line vty 0 4".
>>
>> On Tue, Jun 10, 2008 at 1:14 PM, seyfert . <seyfert22@googlemail.com>
>> wrote:
>>
>> > I was reviewing my workbook, and have this question
>> >
>> > user in Vlan 7 must authenticate to SW1 with username RDP and pass CISCO
>> > before he can access server x.x.x.x
>> >
>> > I know the answer...but I get confused where to put it..
>> > whether I put it in VTY 0 ...or vty 0 4.
>> >
>> > My question is
>> > if I change the vty access to
>> > login local
>> >
>> > Do I need to change all vty ?? or just vty 0.
>> >
>> > Could anyone help with this verification?
>> >
>> >
>> > Thanks
>> >
>> > Yohanes BW
>> >
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>
>
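
Added example (not part of the thread and not Cisco's or the workbook's own material): a small Python check that expands the "line vty" blocks of an IOS configuration and groups VTY numbers by their settings, so a split like the one discussed above (lock-and-key on vty 0 only, something else on vty 1 4) shows up immediately. The sample configuration is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: only vty 0 was changed; vty 1-4 keep their older settings.
SAMPLE_CONFIG = """\
username RDP password CISCO
line vty 0
 login local
 autocommand access-enable host timeout 5
line vty 1 4
 password cisco
 login
"""

LINE_VTY = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")


def vty_settings(config):
    """Map each VTY number to the set of sub-commands applied to it."""
    settings = defaultdict(set)
    current = []  # VTY numbers covered by the block being read
    for raw in config.splitlines():
        m = LINE_VTY.match(raw)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                settings[n]  # register the line even if its block is empty
        elif raw.startswith(" ") and current:
            for n in current:
                settings[n].add(raw.strip())
        else:
            current = []  # any other non-indented line ends the block
    return dict(settings)


def vty_groups(config):
    """Group VTY numbers that share identical settings."""
    groups = defaultdict(list)
    for n, cmds in sorted(vty_settings(config).items()):
        groups[frozenset(cmds)].append(n)
    return sorted((nums, sorted(cmds)) for cmds, nums in groups.items())


def lock_and_key_vtys(config):
    """VTY numbers whose settings include 'autocommand access-enable'."""
    return sorted(n for n, cmds in vty_settings(config).items()
                  if any(c.startswith("autocommand access-enable") for c in cmds))
```

More than one group from vty_groups() means the VTY ports are not configured identically, which is either the intended split or a sign that a change reached "line vty 0" but not "line vty 0 4".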



This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:21 ART