Yes, I fought this one before...

As configured, everyone coming into the router on a vty cannot telnet into
the router - only through it.

If you need to connect to the router, use the autocommand line on every
username line.

Use one username without the autocommand to access the router.

So something like this:

username test password test
username test autocommand access-enable timeout 5
username happy password happy
username happy autocommand access-enable timeout 5
!
username letmein password cisco

The username "letmein" will be allowed to telnet into the router.

The bummer of course is that the users that should only need to pass through
the router now need two lines of config.

Kevin Wigle


----- Original Message -----
From: "Andy Net" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, 11 March, 2001 22:39
Subject: can't use regular telnet after Lock-and-Key configured ?


> After I configured the router using Lock-and-Key (dynamic access-list), I
> can't use the regular telnet to go into the system for some maintenance
> tasks, seems like all the usernames are tightly bound to the Lock-and-Key
> feature.
> Any workaround?
>
> Thanks in advance
> Andy
>
> Configuration of the router:
> ----------------------------
> Current configuration:
> !
> version 12.0
> service password-encryption
> !
> hostname Rabbit
> !
> enable secret 5 $1$yKHa$nUhLHTLUhTRw6quNKtdvE.
> !
> username test password 7 111D1C1603
> username abc password 7 01120407
> username me password 7 060B0A
> !
> !
> !
> !
> ip subnet-zero
> no ip domain-lookup
> !
> frame-relay switching
> !
> !
> process-max-time 200
> !
> interface Ethernet0
> ip address 10.1.1.3 255.255.255.0
> ip access-group 102 in
> no ip directed-broadcast
> !
> interface Serial0
> bandwidth 192
> ip address 192.168.18.1 255.255.255.0
> no ip directed-broadcast
> encapsulation frame-relay
> ip split-horizon
> no fair-queue
> no frame-relay inverse-arp IP 20
> no frame-relay inverse-arp NOVELL 20
> no frame-relay inverse-arp APPLETALK 20
> frame-relay local-dlci 20
> frame-relay intf-type dce
> !
> interface Serial1
> no ip address
> no ip directed-broadcast
> shutdown
> !
> router rip
> redistribute static metric 1
> network 10.0.0.0
> network 192.168.18.0
> !
> no ip http server
> ip classless
> !
> logging trap Unknown
> access-list 102 permit tcp any host 10.1.1.3 eq telnet
> access-list 102 dynamic myTest timeout 5 permit ip any any
> !
> line con 0
> exec-timeout 30 0
> logging synchronous
> history size 256
> transport input none
> line 1 16
> transport input all
> line aux 0
> transport input all
> line vty 0 4
> login local
> autocommand access-enable timeout 5
> !
> end
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
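
An added check, not part of the original thread: a small Python audit that reads an IOS configuration and reports which local usernames still reach an interactive exec session and which are closed out by autocommand, following the behaviour described in the reply. The function name `audit` and both sample configurations are constructed for illustration, and as a simplification an autocommand on any `line vty` range is treated as applying to every vty login.

```python
import re

# Constructed sample: the relevant lines of the router config quoted above.
LOCKED_OUT = """\
username test password 7 111D1C1603
username abc password 7 01120407
username me password 7 060B0A
line vty 0 4
 login local
 autocommand access-enable timeout 5
"""

# Constructed sample: the per-user layout suggested in the reply.
PER_USER = """\
username test password test
username test autocommand access-enable timeout 5
username happy password happy
username happy autocommand access-enable timeout 5
username letmein password cisco
line vty 0 4
 login local
"""

def audit(config):
    """Return (vty_autocommand, shell_users, passthrough_users)."""
    users, user_auto, vty_auto, section = [], set(), None, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"username (\S+) (\S+)", line)
        if m:
            name, keyword = m.groups()
            if name not in users:
                users.append(name)
            if keyword == "autocommand":
                user_auto.add(name)      # this user's session runs the command and closes
            section = None
        elif line.startswith("line "):
            section = line               # entering a line con/aux/vty block
        elif line in ("!", "end"):
            section = None
        elif line.startswith("autocommand ") and section and section.startswith("line vty"):
            vty_auto = line              # line-level: runs for every vty login
    if vty_auto:                         # nobody gets a shell over telnet
        return vty_auto, [], users
    shell = [u for u in users if u not in user_auto]
    return None, shell, [u for u in users if u in user_auto]

if __name__ == "__main__":
    for label, cfg in (("as posted", LOCKED_OUT), ("per-user", PER_USER)):
        print(label, audit(cfg))
```

An empty `shell_users` list means no local account can manage the router over a vty, which is the lockout reported in the original question.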
