Responding to my own email.............
I found that you don't have to set "autocommand access-enable" on the vty
ports themselves, that you can actually apply this to a username:
username jim pass foo
username jim autocommand access-enable host
and then jim would use dynamic access lists, other logins not configured
for autocommand access-enable host would get normal CLI access to the
router.
Brian
On Mon, 13 Nov 2000, Brian wrote:
>
> I have a question regarding lock and key. If I configure my vty's for
> "autocommand access-enable host", then how can I telnet to my router? I
> mean, from then on out it will just log you out after logging in (and
> "set" the dynamic access-list). What if I have a router with s0 (wan
> side/internet) and e0 (lan side), and I want to be able to telnet to the
> router, to configure it from the lan side, and I want users to be able to
> telnet to the router from the wan side to set lock and key...........is
> this even possible?
>
> From what I am seeing, is that once lock and key is in effect on vty's,
> you:
>
> 1. have to have an input access list on the interface you enter the router
> on (else it complains)
> 2. are immediatly logged out, and the dynamic access-list set, and their
> is no way to get "into" the router via vty.
>
> Brian
>
>
> -----------------------------------------------
> Brian Feeny, CCNP, CCDP [EMAIL PROTECTED]
> Network Administrator
> ShreveNet Inc. (ASN 11881)
>
>
-----------------------------------------------
Brian Feeny, CCNP, CCDP [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
