Tyson, thanks your response. I feel better now!
-Steve
________________________________
From: Tyson Scott [mailto:[email protected]]
Sent: Wednesday, September 15, 2010 11:10 AM
To: Di Bias, Steve; [email protected]
Subject: RE: [OSL | CCIE_RS] WB Vol 1: Lab 17, Task 17.4
It is the same. Results are achieved.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]<mailto:[email protected]>
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit:
www.ipexpert.com/chat<http://www.ipexpert.com/chat>
eFax: +1.810.454.0130
IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio
Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S,
Voice, Security & Service Provider) certification(s) with training locations
throughout the United States, Europe, South Asia and Australia. Be sure to
visit our online communities at
www.ipexpert.com/communities<http://www.ipexpert.com/communities> and our
public website at www.ipexpert.com<http://www.ipexpert.com/>
From: [email protected]
[mailto:[email protected]] On Behalf Of Di Bias, Steve
Sent: Wednesday, September 15, 2010 1:15 PM
To: [email protected]
Subject: [OSL | CCIE_RS] WB Vol 1: Lab 17, Task 17.4
This is a three part task which I have completed successfully, however how I
accomplished part 1 differs from that of the DSG. I'm hoping someone can
clarify something for me here since I seemed to have over-thinked this part of
the task
The task asks the following:
"Configure R8 for VTY access. Create three users. Username "local" password
"ipexpert". If username "local" logs in, outbound telnet sessions should not be
allowed."
Simple enough, I used the following configuration (which achieved the desired
results)
R8(config)#access-list 102 deny tcp any any eq telnet log
R8(config)#username local access-class 102 password ipexpert
R8(config)#line vty 0 4
R8(config-line)#login local
A quick telnet in from R7 clearly shows that this is working since I'm unable
to telnet back out from R8 when logged in as "local"
R8>telnet 200.0.0.5
Trying 200.0.0.5 ...
% Connections to that host not permitted from this terminal
The DSG shows and even simpler approach using the following
"access-list 10 deny any" with "username local access-class 10 password
ipexpert"
Cruising around the interweb I'm seeing that this will also achieve the desired
results by preventing the user from making outbound (telnet|ssh|rlogin)
sessions, so this is the command I should have used, however because mine
achieved the desired results would I have lost points here?
UHS Confidentiality Notice: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution of this information is prohibited, and may be punishable by law.
If this was sent to you in error, please notify the sender by reply e-mail and
destroy all copies of the original message.
UHS Confidentiality Notice: This e-mail message, including any attachments, is
for the sole use of the intended recipient (s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution of this information is prohibited. If this was sent to you in
error, please notify the sender by reply e-mail and destroy all copies of the
original message.
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
