It is the same. Results are achieved.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Di Bias, Steve Sent: Wednesday, September 15, 2010 1:15 PM To: [email protected] Subject: [OSL | CCIE_RS] WB Vol 1: Lab 17, Task 17.4 This is a three part task which I have completed successfully, however how I accomplished part 1 differs from that of the DSG. I'm hoping someone can clarify something for me here since I seemed to have over-thinked this part of the task The task asks the following: "Configure R8 for VTY access. Create three users. Username "local" password "ipexpert". If username "local" logs in, outbound telnet sessions should not be allowed." Simple enough, I used the following configuration (which achieved the desired results) R8(config)#access-list 102 deny tcp any any eq telnet log R8(config)#username local access-class 102 password ipexpert R8(config)#line vty 0 4 R8(config-line)#login local A quick telnet in from R7 clearly shows that this is working since I'm unable to telnet back out from R8 when logged in as "local" R8>telnet 200.0.0.5 Trying 200.0.0.5 ... % Connections to that host not permitted from this terminal The DSG shows and even simpler approach using the following "access-list 10 deny any" with "username local access-class 10 password ipexpert" Cruising around the interweb I'm seeing that this will also achieve the desired results by preventing the user from making outbound (telnet|ssh|rlogin) sessions, so this is the command I should have used, however because mine achieved the desired results would I have lost points here? UHS Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this information is prohibited, and may be punishable by law. If this was sent to you in error, please notify the sender by reply e-mail and destroy all copies of the original message.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
