From: Fahad Khan (fahad.khan@gmail.com)
Date: Sat Aug 30 2008 - 13:00:22 ART
If I am not wrong, you need the "autocommand access-enable host" command under
"line vty 2 4" as well.
On 8/30/08, GAURAV MADAN <gauravmadan1177@gmail.com> wrote:
>
> Hi Friends
>
> Dynamic ACL is something that troubles me all the time whenever I get
> a question on the same.
> Please help me understand the concept.
>
> I labbed the following scenario
>
> R4
>   \
>    \
>     \
>      R1
>     /
>    /
>   /
> R5
>
> I want this: if, from R4, I telnet to 150.1.1.1 (R1 loopback) on line 3023,
> it should land me in R1.
> However, if I do a simple telnet 150.1.1.1, it should land me on R5.
> I am using login local (username CISCO password CISCO).
>
> R1
> *****
> Rack1R1(config)#do sh ip access-li
> Extended IP access list 101
> 10 permit tcp any any eq telnet
> 20 permit tcp any any eq 3023 (8 matches)
>
> Extended IP access list TELNET
> 10 Dynamic 10 permit tcp any any eq telnet
> permit tcp any any eq telnet (26 matches) (time left 287)
> 20 deny tcp any host 150.1.5.5 eq telnet
> 30 permit ip any any (68 matches)
>
> line vty 0 1
>  password cisco
>  login local
>  autocommand access-enable timeout 5
> line vty 2 4
>  access-class 101 in
>  password cisco
>  login local
>  rotary 23
> !
> int s0/1/0.1
>  ip access-group TELNET in
> !
> !
> ================ 1st requirement works fine =================
> Rack1R4#telnet 150.1.1.1 3023
> Trying 150.1.1.1, 3023 ... Open
>
>
> User Access Verification
>
> Username: CISCO
> Password:
> Rack1R1>
> ================= 2nd requirement doesn't work ==================
>
> Rack1R4#telnet 150.1.1.1
> Trying 150.1.1.1 ... Open
>
>
> User Access Verification
>
> Username: CISCO
> Password:
> [Connection to 150.1.1.1 closed by foreign host]
> Rack1R4#telnet 150.1.1.1
> Trying 150.1.1.1 ... Open
>
>
> User Access Verification
>
> Username: CISCO
> Password:
> % List#TELNET-10 already contains this IP address pair
> [Connection to 150.1.1.1 closed by foreign host]
> Rack1R4#
>
> ================================================
>
> Please guide me in this context.
>
> Thanks
> Gaurav Madan.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
-- Fahad Khan
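
Added example, not part of the original thread: a simplified Python model of the TELNET access list quoted above, showing what the `host` keyword of `access-enable` changes. Without `host` the activated entry is the `any any` template (as in the quoted `show` output), so one login opens Telnet through R1 for every source; with `host` it is limited to the authenticating address. The 192.0.2.x source addresses and the class and method names are assumptions.

```python
from ipaddress import ip_address

R5 = ip_address("150.1.5.5")   # Telnet target protected by line 20 (from the post)
TELNET = 23


class LockAndKeyAcl:
    """Simplified model of ACL TELNET from the post (TCP only, inbound)."""

    def __init__(self):
        # Sources of activated dynamic entries; None stands for "any".
        self.dynamic = set()

    def access_enable(self, src, host=False):
        """Model of `access-enable [host]`, run by autocommand after login."""
        key = ip_address(src) if host else None
        if key in self.dynamic:
            # Same condition that produced the error in the second attempt.
            return "% List#TELNET-10 already contains this IP address pair"
        self.dynamic.add(key)
        return "ok"

    def permits(self, src, dst, dport):
        src, dst = ip_address(src), ip_address(dst)
        # Line 10: activated copies of "permit tcp any any eq telnet".
        if dport == TELNET and (None in self.dynamic or src in self.dynamic):
            return True
        # Line 20: deny tcp any host 150.1.5.5 eq telnet.
        if dport == TELNET and dst == R5:
            return False
        # Line 30: permit ip any any.
        return True


def compare(authenticated="192.0.2.4", other="192.0.2.99"):
    """Return who can Telnet to R5 after one login, without and with `host`.

    Both source addresses are constructed for this example.
    """
    result = {}
    for label, host in (("no_host", False), ("host", True)):
        acl = LockAndKeyAcl()
        acl.access_enable(authenticated, host=host)
        result[label] = {
            "authenticated": acl.permits(authenticated, "150.1.5.5", TELNET),
            "other": acl.permits(other, "150.1.5.5", TELNET),
        }
    return result


if __name__ == "__main__":
    print(compare())
```
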
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:33 ART