Hi all,

Looking at Task 4 in LAB 17 Volume 1. In brief, the specific task I am looking at:

[Username "Unlock" password "NOW..." Telnet access to R8 should not be allowed from devices behind R7 until user "Unlock" from R7 has authenticated. Once "Unlock" is authenticated, "Test" should be able to log in from any device.]

As I have not had much experience with doing such granular vty access control, I need some guidance on this. I think I get the ACL part of the configuration; however, in the DSG it mentions binding the access-class to Serial 0/0/0. As I am keen to try new and different things I did attempt this, and found that it is not possible. The access-class command is not accepted as a suitable interface command.

If the DSG is guiding you to do the following on R8:

    username Unlock autocommand access-enable
    username Unlock password NOW...
    access-list 102 permit tcp host 150.100.78.7 any
    access-list 102 dynamic TELNET permit ip any any
    access-list 102 deny tcp any host 100.100.200.8
    access-list 102 deny tcp any host 150.100.81.8
    access-list 102 deny tcp any host 150.100.78.8
    access-list 102 deny tcp any host 200.0.0.8
    access-list 102 permit ip any any
    int s0/0/0
     access-class in 102

To double check, I have looked at the IOS command reference and it all points to access-class being associated with vtys. Is there another way of doing this? You could restrict telnet access to R8 coming from R7 by doing an ACL on R7, BUT that doesn't accommodate the requirement to allow telnet once user Unlock is authenticated.

Look forward to some opinions / advice.

Regards
