Hi Ryan,

This definitely sounds like a job for lock and key. Perhaps the DSG is in error and it should be "ip access-group 102 in" on R8 interface s0/0/0.

Cheers,
Adam

On Fri, Jan 6, 2012 at 5:13 PM, ryanhanly <[email protected]> wrote:

> Hi all,
>
> Looking at Task 4 in LAB 17 Volume 1. In brief the specific task I am
> looking at:
>
> [Username "Unlock" password "NOW..." Telnet access to R8 should not be
> allowed from devices behind R7 until user "Unlock" from R7 has
> authenticated. Once "Unlock" is authenticated, "Test" should be able to log
> in from any device.]
>
> As I have not had much experience with doing such granular vty access
> control, I need some guidance on this. I think I get the ACL part of the
> configuration, however in the DSG it mentions binding the access-class to
> Serial 0/0/0. As I am keen to try new and different things I did attempt
> this, and found that it is not possible. The access-class command is not
> accepted as a suitable interface command.
>
> If the DSG is guiding you to do the following on R8:
>
> username Unlock autocommand access-enable
> username Unlock password NOW...
> access-list 102 permit tcp host 150.100.78.7 any
> access-list 102 dynamic TELNET permit ip any any
> access-list 102 deny tcp any host 100.100.200.8
> access-list 102 deny tcp any host 150.100.81.8
> access-list 102 deny tcp any host 150.100.78.8
> access-list 102 deny tcp any host 200.0.0.8
> access-list 102 permit ip any any
> int s0/0/0
> access-class in 102
>
> To double check, I have looked at the IOS command reference and it all
> points to access-class being associated with vty's.
>
> Is there another way of doing this?
>
> You could restrict telnet access to R8 coming from R7 by doing an ACL on
> R7, BUT that doesn't accommodate the requirement to allow telnet once user
> Unlock is authenticated.
>
> Look forward to some opinions / advice.
>
> Regards
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>
> http://onlinestudylist.com/mailman/listinfo/ccie_rs
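
The mismatch discussed in this thread can be caught mechanically. The following is an added example, not part of either message or of the DSG: a small Python check (the function name and the trimmed sample configs are constructed for illustration) that flags `access-class` under an interface and a dynamic ACL that is never bound with `ip access-group`, run against the configuration as posted and with the change suggested in the reply.

```python
import re

# Constructed sample: the R8 configuration quoted in the thread (trimmed).
DSG_CONFIG = """\
username Unlock autocommand access-enable
access-list 102 permit tcp host 150.100.78.7 any
access-list 102 dynamic TELNET permit ip any any
access-list 102 permit ip any any
int s0/0/0
access-class in 102
"""
# Same sample with the change proposed in the reply.
FIXED_CONFIG = DSG_CONFIG.replace("access-class in 102", "ip access-group 102 in")

def check_lock_and_key(config):
    """Return findings for a dynamic (lock-and-key) ACL setup in IOS-style text."""
    findings, mode = [], "global"
    dynamic_acls, applied, autocommand = set(), set(), False
    for line in (l.strip() for l in config.splitlines()):
        # Assumption: track config mode by keyword, since pasted configs lose indentation.
        if re.match(r"(access-list|username)\s", line):
            mode = "global"
        elif re.match(r"int(erface)?\s", line):
            mode = "interface"
        elif line.startswith("line "):
            mode = "line"
        if "autocommand access-enable" in line:
            autocommand = True
        m = re.match(r"access-list (\d+) dynamic \S+", line)
        if m:
            dynamic_acls.add(m.group(1))
        m = re.match(r"ip access-group (\d+) (in|out)$", line)
        if m and mode == "interface":
            applied.add(m.group(1))
        if line.startswith("access-class") and mode == "interface":
            findings.append("access-class under an interface: it is a line (vty) "
                            "command; use 'ip access-group <acl> in' here")
    for acl in sorted(dynamic_acls - applied):
        findings.append(f"dynamic ACL {acl} is not applied to any interface")
    if dynamic_acls and not autocommand:
        findings.append("dynamic ACL present but no 'autocommand access-enable'")
    return findings

if __name__ == "__main__":
    for name, cfg in (("as posted", DSG_CONFIG), ("with fix", FIXED_CONFIG)):
        print(name, check_lock_and_key(cfg))
```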
