Re: user access-class

From: Ed Lui (edwlui@gmail.com)
Date: Fri Jul 08 2005 - 17:42:59 GMT-3


I look at it a different way. I'm just not sure if it is exactly what the
task (as worded) asks you to do. The task says
"R7 can telnet into R8 to its s0/0 interface"
 So I would create an access-list to allow only R7 to telnet to R8, apply the
access-list on int s0/0. Then create the username and password, apply login
local under vty 0 XXX.
 HTH,
 Ed Lui

 On 7/8/05, Gustavo Novais <gustavo.novais@novabase.pt> wrote:
>
> I understand... At the end that's what I did, but I think the essence of
> the question was to limit inbound connections by username and router.
> This username can only log in to R8 if he comes from R7, not somewhere
> else.
>
> I checked the command and its purpose is to limit OUTBOUND connections
> from that user when he is logged on to the router R8.
>
> I think there's no way, without using tacacs to do this... Or is there?
>
> Thanks
>
> Gustavo
>
>
> -----Original Message-----
> From: Peppe Monterosso (peppemon) [mailto:peppemon@cisco.com]
> Sent: Friday, 8 July 2005 20:27
> To: Gustavo Novais; ccielab@groupstudy.com
> Subject: RE: user access-class
>
> Gustavo,
> What I did was an access list applied to the vty 0 4. This is to allow
> just R7 to telnet, and then a normal username XXX password YYYY on R8
>
> Peppe
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Gustavo Novais
> Sent: Friday, July 08, 2005 11:55 AM
> To: ccielab@groupstudy.com
> Subject: user access-class
>
> Hi group
>
> I'm having a doubt here....
>
> Task says to configure R8 so that R7 can telnet into R8 to its s0/0
> interface using username XXXX and password YYYY. No other routers or
> hosts should be able to telnet to R8 using the same username and
> password.
>
> To me it seems like configuring user XXXX access-class 100 password YYYY
> with access-list 100 allowing only source IP R7 and destination R8 s0/0.
> I configured line vty 0 4 with login local.
>
> The thing is that it is not working!
>
> I go to other routers... and they also can login with that specific
> username\password, meaning the access-class is not working... (hum...
> should try logging.)
> Am I missing something?
>
>
> config:
>
>
> username XXXX access-class 100 password YYYY
>
> access-list 100 permit ip host 200.0.0.7 host 150.50.5.2
> access-list 100 permit ip host 150.50.5.1 host 150.50.5.2
>
> line vty 0 4
> login local
> !
>
>
> TIA
>
> Gustavo
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
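
The two approaches suggested in this thread (Peppe's access list on the vty lines and Ed's access list on s0/0), written out as an added example; this is not configuration posted by anyone in the thread. It assumes R7 sources its telnet sessions from 150.50.5.1 or 200.0.0.7 and that 150.50.5.2 is R8's s0/0 address, as access-list 100 in the original post suggests; ACL numbers 7 and 107 are arbitrary.

```cisco
! Added example, not from the thread.
! Assumed: R7 = 150.50.5.1 / 200.0.0.7, R8 s0/0 = 150.50.5.2.
! ACL numbers 7 and 107 are arbitrary. Use Option A or Option B.
!
! Local account without the per-user access-class keyword
username XXXX password YYYY
!
! --- Option A (Peppe): restrict who may open a vty session ---
! Standard ACL matches the source address of the incoming session.
access-list 7 permit host 150.50.5.1
access-list 7 permit host 200.0.0.7
! (implicit deny for every other source)
line vty 0 4
 access-class 7 in
 login local
!
! --- Option B (Ed): filter telnet arriving on s0/0 ---
access-list 107 permit tcp host 150.50.5.1 host 150.50.5.2 eq telnet
access-list 107 permit tcp host 200.0.0.7 host 150.50.5.2 eq telnet
access-list 107 deny   tcp any any eq telnet
! Keep routing protocols and transit traffic flowing
access-list 107 permit ip any any
interface Serial0/0
 ip access-group 107 in
line vty 0 4
 login local
```

Both options restrict by source router for every username, not only XXXX. Option B only filters packets that arrive on s0/0, so telnet reaching R8 through another interface is not covered by it.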



This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3