











access lists on aux interface
monkeyboy
Apetacular!Marmosetastic!

Registered: Jan 2001 Location: Country: United Kingdom State: Certifications: Working on: CCNP
Total Posts: 93
Hello everyone - I know that this is probably a bit simple for all of you but I would really appreciate some help.
I have set up a 1720 for dial access via a modem connected to the router's aux port.
I'm trying to add an access list (starting with standard & working up to extended..) to log messages to the console - initially & then moving on to restricting it as well.
However - when I connect to the router via the modem I do not get any console messages - does anyone know why?
Here is a sample of my running config:
access-list 10 permit any log
!
line con 0
 password frog
 login
line aux 0
 access-class 10 in
 password frog
 login
 modem InOut
 transport input all
 speed 115200
 flowcontrol hardware
line vty 0 4
 access-class 10 in
 password frog
 login
Any ideas?
Cheers
12-17-01 10:59 AM
monkeyboy
Apetacular!Marmosetastic!

Registered: Jan 2001 Location: Country: United Kingdom State: Certifications: Working on: CCNP
Total Posts: 93
|
|
BTW - this is only a testing router - hence no connection to a LAN & no enable secret - security etc......
I can get ACL messages from telnet sessions (I know I've applied it to vty 0 4 as well..)
but it won't log messages when I remotely dial in....
12-17-01 11:03 AM
firechicken
Senior Member/Citizen
Registered: Nov 2000 Location: Country: United States State: OR Certifications: Comp TIA D Minus Certified Working on: Food Handler
Total Posts: 467
|
|
Try grouping your access list to the aux port using the ip access-group 10 in.
I may be mistaken, but give it a shot and let me know.
Hope this helps.
Last edited by firechicken on 12-17-01 at 03:06 PM
12-17-01 03:00 PM
mcoates
Member
Registered: Dec 2001 Location: Country: New Zealand (Aotearoa) State: Certifications: BCom (ComLaw), CCNA, CCNP, Alcatel Submarine Ntwk Mgt Sytms Working on: CCDA, CCSA
Total Posts: 93
|
|
Well, there are 2 stages to access lists....
- writing them
- applying them to an interface
Have you put the access list on the aux0 interface?
Bear in mind that you can only filter in or out based on source IP address for a basic access list, so you will have to have equipment providing traffic at the end of your modem link...
12-18-01 09:14 AM
monkeyboy
Apetacular!Marmosetastic!

Registered: Jan 2001 Location: Country: United Kingdom State: Certifications: Working on: CCNP
Total Posts: 93
|
|
Ah - if I'm not plugged into a LAN while I'm connected, does that mean that the access-list will not be read? Is it because I don't have an IP?
12-18-01 09:30 AM
mcoates
Member
Registered: Dec 2001 Location: Country: New Zealand (Aotearoa) State: Certifications: BCom (ComLaw), CCNA, CCNP, Alcatel Submarine Ntwk Mgt Sytms Working on: CCDA, CCSA
Total Posts: 93
|
|
Basic access lists filter on IP address. You can't filter if:
a) you don't filter the right source IP address
b) you don't have a device on the link with that IP address
c) no access list will work if no traffic is being generated...
d) do some show commands to see if packets are being filtered
12-18-01 09:35 AM
monkeyboy
Apetacular!Marmosetastic!

Registered: Jan 2001 Location: Country: United Kingdom State: Certifications: Working on: CCNP
Total Posts: 93
|
|
From the running-config - I'm allowing any host to access...
Also I have hooked the PC up to the LAN & it has an IP - also the LAN has plenty of traffic
access-list 10 permit any log
!
line con 0
 password frog
 login
line aux 0
 access-class 10 in
Is there no way of creating a standard/extended access-list on a line interface?
What would be the show commands - sh line?
Thanks
12-18-01 10:32 AM
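
An added example, not posted by anyone in the thread: a small Python audit of the line stanzas in a config like the one quoted above. It reports, per line, whether an access-class is applied, whether the referenced ACL exists or permits any source, and whether the line carries a cleartext password or `transport input all`. The function names and the trimmed sample are constructed for illustration.

```python
# Constructed sample, trimmed from the running-config posted in the thread.
SAMPLE = """\
access-list 10 permit any log
line con 0
 password frog
line aux 0
 access-class 10 in
 password frog
 transport input all
line vty 0 4
 access-class 10 in
 password frog
"""

def parse(text):
    """Split an excerpt into ACL entries and per-line sub-commands.
    Assumes only access-list and line stanzas; lost indentation is tolerated."""
    acls, lines, cur = {}, {}, None
    for tok in (raw.split() for raw in text.splitlines()):
        if tok[:1] == ["access-list"] and len(tok) > 2:
            acls.setdefault(tok[1], []).append(tok[2:])
            cur = None
        elif tok[:1] == ["line"]:
            cur = lines.setdefault(" ".join(tok[1:]), [])
        elif cur is not None and tok and tok != ["!"]:
            cur.append(tok)
    return acls, lines

def audit(text):
    """Return (line, finding) pairs for weak line-access settings."""
    acls, lines = parse(text)
    out = []
    for name, cmds in lines.items():
        applied = [c[1] for c in cmds if c[0] == "access-class" and len(c) > 1]
        if not applied and not name.startswith("con"):
            out.append((name, "no access-class"))
        for num in applied:
            if num not in acls:
                out.append((name, f"ACL {num} undefined"))
            elif any(e[:2] == ["permit", "any"] for e in acls[num]):
                out.append((name, f"ACL {num} permits any source"))
        if ["transport", "input", "all"] in cmds:
            out.append((name, "transport input all"))
        if any(c[0] == "password" and len(c) == 2 for c in cmds):
            out.append((name, "cleartext line password"))
    return out

if __name__ == "__main__":
    for line, finding in audit(SAMPLE):
        print(f"line {line}: {finding}")
```
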
ExamNotes forum archive