What is Matt's email that we are supposed to send workbook corrections to? This looks like a candidate.
Regards, Jay McMickle- CCNP,CCSP,CCDP Sent from my iPhone http://mycciepursuit.wordpress.com On Jan 6, 2012, at 4:35 AM, Oluwagbenga Oyebande <[email protected]> wrote: > Yes Adams is right. > > interface serial 0/0/0 > *access-class 102 in* > > > *should be * > > interface serial 0/0/0 > ip access-group 102 in > > > > > On Fri, Jan 6, 2012 at 9:25 AM, Adam Booth <[email protected]> wrote: > >> Hi Ryan, >> >> This definitely sounds like a job for lock and key. Perhaps the DSG is in >> error and it should be "ip access-group 102 in" on R8 interface s0/0/0 >> >> Cheers, >> Adam >> >> >> >> On Fri, Jan 6, 2012 at 5:13 PM, ryanhanly <[email protected]> wrote: >> >>> Hi all, >>> >>> >>> Looking at Task 4 in LAB 17 Volume 1. In brief the specific task I am >>> looking at: >>> >>> [Username "Unlock" password "NOW..." Telnet access to R8 should not be >>> allowed from devices behind R7 until user "Unlock" from R7 has >>> authenticated. Once "Unlock" is authenticated, "Test" should be able to >> log >>> in from any device.] >>> >>> >>> As I have not had much experience with doing such granular vty access >>> control, I need some guidane on this. I think I get the ACL part of the >>> configuration, however in the DSG it mentions binding the access-class to >>> Serial 0/0/0. As I am keen to try new and different things I did attempt >>> this, and found that it is not possible. access-class coomand is not >>> accepted as a suitable interface command. >>> >>> >>> If the DSG is guiding you to do the following on R8: >>> >>> >>> username Unlock autocommand access-enable >>> username Unlock password NOW... >>> access-list 102 permit tcp host 150.100.78.7 any >>> access-list 102 dynamic TELNET permit ip any any >>> access-list 102 deny tcp any host 100.100.200.8 >>> access-list 102 deny tcp any host 150.100.81.8 >>> access-list 102 deny tcp any host 150.100.78.8 >>> access-list 102 deny tcp any host 200.0.0.8 >>> access-list 102 permit ip any any >>> int s0/0/0 >>> access-class in 102 >>> >>> >>> To double check, I have looked at the IOS command reference and it all >>> points to access-class been associated with vty's. >>> >>> >>> Is there another way of doing this? >>> >>> You could restrict telnet access to R8 coming from R7 by doing an ACL on >>> R7, BUT that doesnt accomodate the requirement to allow telnet once user >>> Unlock is authnenticated. >>> >>> >>> Look forward to some opinions / advise. >>> >>> >>> Regards >>> >>> ______________________________**_________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >>> >>> http://onlinestudylist.com/**mailman/listinfo/ccie_rs< >> http://onlinestudylist.com/mailman/listinfo/ccie_rs> >>> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> http://onlinestudylist.com/mailman/listinfo/ccie_rs >> > > > > -- > -- > Olugbenga Oyebande > MD, DAIT > 234-803-302-5287 > http://www.dait-ng.com > Cisco Unified Network, VPN > DAIT Enterprise Network Servers > Broadband Internet Deployment & ISP Consultancy > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
