Yes, Adam is right.

interface serial 0/0/0
*access-class 102 in*

should be

interface serial 0/0/0
ip access-group 102 in

On Fri, Jan 6, 2012 at 9:25 AM, Adam Booth <[email protected]> wrote:

> Hi Ryan,
>
> This definitely sounds like a job for lock and key. Perhaps the DSG is in
> error and it should be "ip access-group 102 in" on R8 interface s0/0/0
>
> Cheers,
> Adam
>
> On Fri, Jan 6, 2012 at 5:13 PM, ryanhanly <[email protected]> wrote:
>
> > Hi all,
> >
> > Looking at Task 4 in LAB 17 Volume 1. In brief the specific task I am
> > looking at:
> >
> > [Username "Unlock" password "NOW..." Telnet access to R8 should not be
> > allowed from devices behind R7 until user "Unlock" from R7 has
> > authenticated. Once "Unlock" is authenticated, "Test" should be able to
> > log in from any device.]
> >
> > As I have not had much experience with doing such granular vty access
> > control, I need some guidance on this. I think I get the ACL part of the
> > configuration, however in the DSG it mentions binding the access-class to
> > Serial 0/0/0. As I am keen to try new and different things I did attempt
> > this, and found that it is not possible. The access-class command is not
> > accepted as a suitable interface command.
> >
> > If the DSG is guiding you to do the following on R8:
> >
> > username Unlock autocommand access-enable
> > username Unlock password NOW...
> > access-list 102 permit tcp host 150.100.78.7 any
> > access-list 102 dynamic TELNET permit ip any any
> > access-list 102 deny tcp any host 100.100.200.8
> > access-list 102 deny tcp any host 150.100.81.8
> > access-list 102 deny tcp any host 150.100.78.8
> > access-list 102 deny tcp any host 200.0.0.8
> > access-list 102 permit ip any any
> > int s0/0/0
> > access-class in 102
> >
> > To double check, I have looked at the IOS command reference and it all
> > points to access-class being associated with vty's.
> >
> > Is there another way of doing this?
> >
> > You could restrict telnet access to R8 coming from R7 by doing an ACL on
> > R7, BUT that doesn't accommodate the requirement to allow telnet once user
> > Unlock is authenticated.
> >
> > Look forward to some opinions / advice.
> >
> > Regards
> >
> > _______________________________________________
> > For more information regarding industry leading CCIE Lab training, please
> > visit www.ipexpert.com
> >
> > Are you a CCNP or CCIE and looking for a job? Check out
> > www.PlatinumPlacement.com
> >
> > http://onlinestudylist.com/mailman/listinfo/ccie_rs

--
Olugbenga Oyebande
MD, DAIT
234-803-302-5287
http://www.dait-ng.com
Cisco Unified Network, VPN DAIT Enterprise Network Servers Broadband Internet Deployment & ISP Consultancy
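Added example, not part of the original thread or of the DSG: a small Python check for the mistake discussed above. It flags access-class entered under an interface and a lock-and-key (dynamic) ACL that no interface applies with ip access-group. The function name and the keyword-based context tracking are assumptions of this sketch, and the sample inputs are constructed from the lines quoted in the thread.

```python
def lint_lock_and_key(config):
    """Flag access-class used under an interface and dynamic ACLs bound nowhere."""
    findings, context, name = [], None, ""
    dynamic, bound = set(), set()  # ACLs with a dynamic entry / applied to an interface
    for raw in config.splitlines():
        words = raw.lower().split()
        if not words:
            continue
        head = words[0]
        if head.startswith("!") or head in ("exit", "end"):
            context = None  # back to global configuration
        elif len(head) >= 3 and "interface".startswith(head) and len(words) > 1:
            context, name = "interface", " ".join(words[1:])  # also matches "int"
        elif head == "line":
            context, name = "line", " ".join(words[1:])
        elif head == "access-list" and len(words) > 2 and words[2] == "dynamic":
            dynamic.add(words[1])
        elif head == "access-class" and context == "interface":
            # Accept either argument order, since the thread shows both.
            acl = next((w for w in words[1:] if w.isdigit()), "<acl>")
            way = next((w for w in words[1:] if w in ("in", "out")), "in")
            findings.append(f"{name}: access-class is a vty line command; "
                            f"use 'ip access-group {acl} {way}'")
        elif words[:2] == ["ip", "access-group"] and context == "interface" and len(words) > 2:
            bound.add(words[2])
    for acl in sorted(dynamic - bound):
        findings.append(f"ACL {acl}: dynamic entry, but no interface applies it")
    return findings

# Constructed input: R8 lines as quoted in the thread (deny entries and password omitted).
POSTED = """\
username Unlock autocommand access-enable
access-list 102 permit tcp host 150.100.78.7 any
access-list 102 dynamic TELNET permit ip any any
access-list 102 permit ip any any
int s0/0/0
access-class in 102
"""

# Constructed input: the same lines with the correction given in the replies.
FIXED = POSTED.replace("access-class in 102", "ip access-group 102 in")

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint_lock_and_key(cfg))
```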
