From: GAURAV MADAN (gauravmadan1177@gmail.com)
Date: Sat Aug 30 2008 - 10:16:52 ART
Hi Friends
Dynamic ACL is something that troubles me all the time whenever I get
a question on the same.
Please help me understand the concept.
I labbed the following scenario
R4
\
\
\
R1
/
/
/
R5
I want that if, from R4, I telnet to 150.1.1.1 (R1 loopback) on line 3023,
it should land me in R1.
However, if I do a simple telnet 150.1.1.1, it should land me on R5.
I am using login local ( username CISCO password CISCO )
R1
*****
Rack1R1(config)#do sh ip access-li
Extended IP access list 101
10 permit tcp any any eq telnet
20 permit tcp any any eq 3023 (8 matches)
Extended IP access list TELNET
10 Dynamic 10 permit tcp any any eq telnet
permit tcp any any eq telnet (26 matches) (time left 287)
20 deny tcp any host 150.1.5.5 eq telnet
30 permit ip any any (68 matches)
line vty 0 1
password cisco
login local
autocommand access-enable timeout 5
line vty 2 4
access-class 101 in
password cisco
login local
rotary 23
!
int s0/1/0.1
ip access-group TELNET in
!
================ 1st requirement works fine =================
Rack1R4#telnet 150.1.1.1 3023
Trying 150.1.1.1, 3023 ... Open
User Access Verification
Username: CISCO
Password:
Rack1R1>
================= 2nd requirement doesn't work ==================
Rack1R4#telnet 150.1.1.1
Trying 150.1.1.1 ... Open
User Access Verification
Username: CISCO
Password:
[Connection to 150.1.1.1 closed by foreign host]
Rack1R4#telnet 150.1.1.1
Trying 150.1.1.1 ... Open
User Access Verification
Username: CISCO
Password:
% List#TELNET-10 already contains this IP address pair
[Connection to 150.1.1.1 closed by foreign host]
Rack1R4#
================================================
Please guide me in this context
Thnx
Gaurav Madan.
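Added illustration of the usual shape of an IOS lock-and-key (dynamic ACL) configuration on R1, using the addresses, interface and line numbers from the post above. This is not part of Gaurav's post and not a Cisco documentation excerpt; the `host` keyword on `access-enable`, the static entry that permits telnet to R1 itself, and the dynamic template aimed only at R5's telnet port are the elements the example adds, and R4's source address is assumed to be whatever arrives on s0/1/0.1.

```cisco
! Added example: lock-and-key on R1 (assumed configuration, not from the post)
username CISCO password CISCO
!
! ACL 101 as in the post: lines 2-4 accept a normal telnet or a
! connection to the rotary port 3023.
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any any eq 3023
!
ip access-list extended TELNET
 ! Static entry: the authentication telnet to R1 itself must be permitted
 ! before any dynamic entry exists, otherwise nobody can ever log in.
 permit tcp any host 150.1.1.1 eq telnet
 ! Template for the temporary entry. The 10 here is an absolute lifetime in
 ! minutes. With "access-enable host" on the vty, IOS installs a copy of this
 ! line with the authenticated user's address as the source, so only that
 ! host reaches R5's telnet port.
 dynamic TELNET timeout 10 permit tcp any host 150.1.5.5 eq telnet
 ! Telnet to R5 from anyone who has not authenticated stays blocked.
 deny tcp any host 150.1.5.5 eq telnet
 permit ip any any
!
interface Serial0/1/0.1
 ip access-group TELNET in
!
! vty 0 1: authenticate, install the temporary entry, then IOS closes the
! session. The "[Connection to 150.1.1.1 closed by foreign host]" seen in
! the post is the expected result of the autocommand, not a failure.
! The 5 here is an idle timeout in minutes for the installed entry.
line vty 0 1
 login local
 autocommand access-enable host timeout 5
!
! vty 2 4: rotary 23 maps TCP port 3023 onto these lines, giving a normal
! interactive login on R1 that does not run access-enable.
line vty 2 4
 access-class 101 in
 login local
 rotary 23
```

The flow to test with this configuration is three steps: telnet from R4 to 150.1.1.1 and authenticate (the session closes immediately by design), confirm with `show ip access-lists` on R1 that a temporary entry now appears under the dynamic line with R4's address as its source, then telnet from R4 to 150.1.5.5, which now matches that entry instead of the deny. Without the `host` keyword the installed entry is an exact copy of the template; in the post's output that copy is the `permit tcp any any eq telnet` line shown beneath the `Dynamic` statement, which is why a second authentication reports that the list already contains the address pair and why the deny for 150.1.5.5 is never reached once the entry exists. The entry is removed when either the idle timeout on `access-enable` or the absolute timeout on the `dynamic` line expires, whichever comes first, or when an administrator runs `clear access-template`.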
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:33 ART