RE: user access-class

From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Fri Jul 08 2005 - 16:30:56 GMT-3


I understand... In the end that's what I did, but I think the essence of
the question was to limit inbound connections by username and router.
This username can only log in to R8 if he comes from R7, not somewhere
else.

I checked the command and its purpose is to limit OUTBOUND connections
from that user when he is logged on to the router R8.

I think there's no way, without using TACACS, to do this... Or is there?
 
Thanks

Gustavo

-----Original Message-----
From: Peppe Monterosso (peppemon) [mailto:peppemon@cisco.com]
Sent: Friday, 8 July 2005 20:27
To: Gustavo Novais; ccielab@groupstudy.com
Subject: RE: user access-class

Gustavo,
What I did was an access list applied to the vty 0 4. This is to allow
just R7 to telnet, and then a normal username XXX password YYYY on R8.

Peppe

 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Gustavo Novais
Sent: Friday, July 08, 2005 11:55 AM
To: ccielab@groupstudy.com
Subject: user access-class

Hi group

I'm having a doubt here....

Task says to configure R8 so that R7 can telnet into R8 to its s0/0
interface using username XXXX and password YYYY. No other routers or
hosts should be able to telnet to R8 using the same username and
password.

To me it seems like configuring user XXXX access-class 100 password YYYY
with access-list 100 allowing only source IP R7 and destination R8 s0/0.
I configured line vty 0 4 with login local.

The thing is that it is not working!

I go to other routers... and they can also log in with that specific
username\password, meaning the access-class is not working... (hum...
should try logging.)
Am I missing something?

config:

username XXXX access-class 100 password YYYY

access-list 100 permit ip host 200.0.0.7 host 150.50.5.2
access-list 100 permit ip host 150.50.5.1 host 150.50.5.2

line vty 0 4
 login local
!

TIA

Gustavo
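
The vty-based approach described in the first reply, written out as an added example that is not part of the original thread or any poster's configuration. ACL number 7 is an assumption; the two permitted hosts are R7's source addresses as they appear in access-list 100 in the original post.

```cisco
! Added example, not a configuration posted in the thread.
! ACL number 7 is an assumption; the host addresses are R7's source
! addresses taken from access-list 100 in the original post.
!
! As posted in the question (per the reply, the user-level access-class
! governs OUTBOUND connections made by the user once logged on to R8):
!   username XXXX access-class 100 password YYYY
!
! Standard ACL: which sources may open a session to R8's vty lines
access-list 7 permit host 200.0.0.7
access-list 7 permit host 150.50.5.1
! every other source falls through to the implicit deny
!
! Plain local account, no user-level access-class
username XXXX password YYYY
!
! Inbound filter on the vty lines, then local username/password login
line vty 0 4
 access-class 7 in
 login local
!
! Check from R8 after a test from R7 and from another router:
!   show access-lists 7
```

Because the filter sits on the vty lines, it applies to every account that logs in over vty 0 4, not only XXXX, which is the limitation raised in the reply at the top of the thread.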



This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3