setup Lock & Key ACL

发表于:2007-06-23来源:作者:点击数: 标签:
username foobar password cisco ! int s0 ip address 1.1.1.1 255.255.0.0 ip access-group 101 in ! /* or port 22 for ssh */ access-list 101 permit tcp any host 1.1.1.1 eq telnet access-list 101 dynamic foobar permit ip any any ! line vty 0 2

   
  username foobar password cisco
  !
  int s0
  ip address 1.1.1.1 255.255.0.0
  ip aclearcase/" target="_blank" >ccess-group 101 in
  ! /* or port 22 for ssh */
  access-list 101 permit tcp any host 1.1.1.1 eq telnet

  access-list 101 dynamic foobar permit ip any any
  !
  line vty 0 2
  login local
  autocommand access-enable host timeout 5
  line vty 3 4
  login local
  rotary 1
  
  The first access list allows telnet into the router. Your users will
  telnet into router and authenticate with username foobar and password
  "cisco"
  
  The router will then immediately disconnect the telnet session. When
  they successfully authenticate, an access list with their source IP will
  be added to the dynamic list. Basically, if they authenticate correctly,
  they can come in to the inside network. After 5 mins of inactivty the
  entry will be deleted from the access list.
  
  The vty 3 and 4 are using the rotary command so that you can telnet to
  your router with the command: "telnet 1.1.1.1 3001" This takes you to
  vty 3 (or 4). This way, you can telnet into the router and actually
  manage it. A very subtle but VERY important point. If you forget this,
  you'll be making a trip to use the console port.

原文转自:http://www.ltesting.net