access lists on aux interface
| monkeyboy 2001-12-17, 5:59 am |
| Hello everyone - I know that this is probably a bit simple for all of you but I would really appreciate some help.
I have set up a 1720 for dial access via a modem connected to the router's aux port.
I'm trying to add an access list (starting with standard & working up to extended..) to log messages to the console - initially & then moving on to restricting it as well
However - when I connect to the router via the modem I do not get any console messages - does anyone know why?
here is a sample of my running config:
access-list 10 permit any log
!
line con 0
password frog
login
line aux 0
access-class 10 in
password frog
login
modem InOut
transport input all
speed 115200
flowcontrol hardware
line vty 0 4
access-class 10 in
password frog
login
any ideas?
cheers | |
| monkeyboy 2001-12-17, 6:03 am |
| BTW - this is only a testing router - hence no connection to a lan & no enable secret - security etc......
I can get ACL messages from telnet sessions (I know I've applied it to vty 0 4 as well..)
but it won't log messages when I remotely dial in.... | |
| firechicken 2001-12-17, 10:00 am |
| Try grouping your access list to the aux port using the ip access-group 10 in.
I may be mistaken, but give it a shot and let me know.
Hope this helps. | |
| mcoates 2001-12-18, 4:14 am |
| well there are 2 stages to access lists....
- writing them
- applying them to an interface
Have you put the access list on the aux0 interface?
Bear in mind that you can only filter in or out based on source ip address for a basic access list, so you will have to have equipment providing traffic at the end of your modem link... | |
| monkeyboy 2001-12-18, 4:30 am |
| Ah - If I'm not plugged into a LAN while I'm connected does that mean that the access-list will not be read - Is it because I don't have an IP? | |
| mcoates 2001-12-18, 4:35 am |
| Basic access lists filter on IP address. You can't filter if:
a) you don't filter the right source IP address
b) you don't have a device on the link with that IP address
c) no access list will work if no traffic is being generated...
d) do some show commands to see if packets are being filtered | |
| monkeyboy 2001-12-18, 5:32 am |
| From the running-config - I'm allowing any host to access...
Also I have hooked the PC up to the LAN & it has an IP - also the LAN has plenty of traffic
access-list 10 permit any log
!
line con 0
password frog
login
line aux 0
access-class 10 in
Is there no way of creating a standard/extended access-list on a line interface?
what would be the show commands - sh line?
thanks |