From: Young K. Bae (ybae@cisco.com)
Date: Fri Sep 13 2002 - 02:23:47 GMT-3
I'm trying to configure a lock-and-key access-list on R5 to allow telnet to
R2 upon a successful login from R7. After applying the access-list on the
Ethernet interface of R5, I'm getting an error when I attempt to telnet to
it. Do you see any error(s) in the configuration of the access-list on R5?
Thanks!
NOTE: 150.50.100.2 is the IP address of S0/0.256 on R2.
<Topology>
R7(e0/0) --- (e0/0)R5(s4/0) --- (s0/0.256)R2
<Error>
R7#150.50.7.5
Trying 150.50.7.5 ... Open
User Access Verification
Username: favre
Password:
No DYNAMIC list for FastEthernet0/0
[Connection to 150.50.7.5 closed by foreign host]
<Configuration>
R5#sh run
Building configuration...
Current configuration : 2511 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R5
!
!
username R2 password 0 cisco
username favre password 0 ipexpert
!
!
!
!
ip subnet-zero
!
frame-relay de-list 1 protocol ip gt 1024
!
!
isdn switch-type basic-5ess
!
!
!
!
!
interface Loopback0
ip address 200.0.0.5 255.255.255.255
!
interface FastEthernet0/0
ip address 150.50.7.5 255.255.255.128
ip access-group 101 in
half-duplex
!
interface BRI2/0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-5ess
isdn spid1 98755555
ppp multilink
!
interface BRI2/1
no ip address
shutdown
isdn switch-type basic-5ess
!
interface BRI2/2
no ip address
shutdown
isdn switch-type basic-5ess
!
interface BRI2/3
no ip address
shutdown
isdn switch-type basic-5ess
!
interface Serial4/0
ip address 150.50.100.5 255.255.255.224
encapsulation frame-relay
ip ospf priority 0
serial restart-delay 0
frame-relay de-group 1 502
frame-relay map ip 150.50.100.2 512 broadcast
frame-relay map ip 150.50.100.5 512
frame-relay map ip 150.50.100.6 512 broadcast
no frame-relay inverse-arp
!
interface Serial4/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial4/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial4/3
no ip address
shutdown
serial restart-delay 0
!
interface Ethernet5/0
no ip address
shutdown
!
interface Ethernet5/1
no ip address
shutdown
!
interface Ethernet5/2
no ip address
shutdown
!
interface Ethernet5/3
no ip address
shutdown
!
interface Ethernet5/4
no ip address
shutdown
!
interface Ethernet5/5
no ip address
shutdown
!
interface Ethernet5/6
no ip address
shutdown
!
interface Ethernet5/7
no ip address
shutdown
!
interface Dialer0
ip address 150.50.9.5 255.255.255.192
encapsulation ppp
dialer pool 1
dialer remote-name R2
dialer idle-timeout 60
dialer string 98752222
dialer load-threshold 1 outbound
dialer-group 1
ppp authentication chap
ppp multilink
!
router ospf 1
log-adjacency-changes
network 150.50.7.0 0.0.0.127 area 0
network 150.50.9.0 0.0.0.63 area 0
network 150.50.100.0 0.0.0.31 area 0
network 200.0.0.5 0.0.0.0 area 0
!
ip classless
no ip http server
!
access-list 100 permit ospf any any
access-list 100 dynamic R2 permit tcp any host 150.50.100.2 eq telnet
access-list 101 permit tcp any host 150.50.7.5 eq telnet
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
login local
autocommand access-enable timeout 30
!
end
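
Added example (not part of the original post): a small Python check for the condition the error message names, namely whether the ACL applied inbound on an interface contains a dynamic entry when a vty line runs access-enable. The function name audit_lock_and_key and the sample text are constructed for illustration; it assumes the error refers to the inbound access-group on the named interface.

```python
import re

# Constructed excerpt of the R5 configuration quoted in the post above.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 150.50.7.5 255.255.255.128
 ip access-group 101 in
!
access-list 100 permit ospf any any
access-list 100 dynamic R2 permit tcp any host 150.50.100.2 eq telnet
access-list 101 permit tcp any host 150.50.7.5 eq telnet
!
line vty 0 4
 login local
 autocommand access-enable timeout 30
"""

def audit_lock_and_key(config):
    """Return findings about dynamic (lock-and-key) ACL placement."""
    inbound = {}          # interface name -> ACL number applied inbound
    dynamic_acls = set()  # numbered ACLs holding a 'dynamic' entry
    uses_access_enable = False
    current_if = None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate configs whose indentation was lost
        if m := re.match(r"interface (\S+)", line):
            current_if = m.group(1)
        elif line.startswith("line "):
            current_if = None
        elif (m := re.match(r"ip access-group (\S+) in$", line)) and current_if:
            inbound[current_if] = m.group(1)
        elif m := re.match(r"access-list (\d+) dynamic \S+", line):
            dynamic_acls.add(m.group(1))
        elif "access-enable" in line:
            uses_access_enable = True
    findings = []
    if not uses_access_enable:
        return findings  # lock-and-key is not in use; nothing to check
    for ifname, acl in sorted(inbound.items()):
        if acl not in dynamic_acls:
            findings.append(f"{ifname}: inbound ACL {acl} has no dynamic entry")
    for acl in sorted(dynamic_acls - set(inbound.values())):
        findings.append(f"ACL {acl}: dynamic entry defined but not applied inbound")
    return findings

if __name__ == "__main__":
    for finding in audit_lock_and_key(SAMPLE_CONFIG):
        print(finding)
```

The check covers only where the dynamic entry is defined and applied; it does not evaluate whether the remaining ACL entries permit the initial telnet session to the router.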