
dynamic access-list not work?

teru-lei
Level 1

Hi all,

I configured a dynamic access-list to dynamically control telnet access. But when I connect to the host (my host is 192.168.0.1), I get the following prompt:

List#130-testing already contains this IP address pair

[Connection to 192.168.2.1 closed by foreign host]

And the following is the running config of my remote host:

sh run

Building configuration...

Current configuration : 1826 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
aaa new-model
aaa authentication login testin local
enable password cisco
!
username teru privilege 15 password 0 xxxx
username teru autocommand access-enable timeout 5
ip subnet-zero
!
!
ip telnet source-interface FastEthernet0/0
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.4.1 255.255.255.240
 ip ospf network point-to-point
!
interface Loopback2
 ip address 192.168.6.1 255.255.255.248
 ip ospf network point-to-point
!
interface Loopback3
 ip address 12.12.12.12 255.255.255.224
!
interface Loopback10
 ip address 13.14.13.1 255.255.224.0
!
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.252
 no keepalive
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 192.168.0.1 255.255.255.0
 ip access-group 130 in
!
interface Serial0/1
 no ip address
 shutdown
!
router eigrp 1
 redistribute ospf 1 metric 1 1 1 1 1
 network 192.168.0.0
 auto-summary
 no eigrp log-neighbor-changes
!
router ospf 1
 router-id 10.10.10.10
 log-adjacency-changes
 network 12.12.12.0 0.0.0.31 area 0
 network 13.14.0.0 0.0.31.255 area 0
 network 192.168.2.0 0.0.0.3 area 1
 network 192.168.4.0 0.0.0.15 area 1
 network 192.168.6.0 0.0.0.7 area 1
!
ip classless
ip http server
ip pim bidir-enable
!
access-list 130 dynamic testing permit ip any any
access-list 130 deny tcp any host 192.168.2.1 eq telnet
access-list 130 permit ip any any
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 101 40
 login authentication testin
 autocommand access-enable timeout 5
 transport input lat pad v120 mop telnet rlogin udptn nasi ssh
!
end

Router#

Can anyone tell me what's wrong? Thank you!

Best Regards

Teru Lei

1 Reply

raymong
Level 4

The way I have seen lock and key (dynamic ACLs) set up is to permit telnet traffic to an interface address, then permit the traffic you want to allow through your router. Take a look at the example in the following link:

http://www.cisco.com/warp/public/707/confaccesslists.html#lock
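As an added illustration of the ordering raymong describes (this is editor-written example config, not the original poster's running config and not text from the linked Cisco page), here is how access-list 130 on the posted router would look when built that way. The interface, ACL number, dynamic-list name and username are reused from the posted config; that users telnet to the Serial0/0 address, and that the protected network behind the router is 192.168.4.0/28 (Loopback0), are assumptions.

```cisco
! Lock-and-key pattern: static telnet permit to the router first, then a
! dynamic template for the traffic to open up, and nothing broader below it.
aaa new-model
aaa authentication login testin local
username teru privilege 15 password 0 xxxx
!
! 1. Static entry first: the user must be able to reach the router's own
!    address (assumed: the Serial0/0 address) on telnet to authenticate.
access-list 130 permit tcp any host 192.168.0.1 eq telnet
!
! 2. The dynamic line is only a template; a temporary entry is inserted here
!    when an authenticated user runs access-enable. Keep it narrower than
!    "permit ip any any", otherwise the lock adds nothing the ACL did not
!    already allow. Destination network is an assumption.
access-list 130 dynamic testing timeout 15 permit ip any 192.168.4.0 0.0.0.15
!
! 3. No trailing "permit ip any any": traffic not matched above falls to the
!    implicit deny, which is what makes the dynamic entry meaningful.
!
interface Serial0/0
 ip address 192.168.0.1 255.255.255.0
 ip access-group 130 in
!
! 4. Create the dynamic entry from the vty, scoped to the calling host with the
!    "host" keyword. autocommand is placed in one spot only; the posted config
!    has it both under the username and under line vty.
line vty 0 4
 login authentication testin
 autocommand access-enable host timeout 5
 transport input telnet
```

After a user authenticates, "show access-lists 130" shows the temporary entry created under the dynamic line, and the entry is removed when either timeout expires.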