This is a three-part task which I have completed successfully; however, how I
accomplished part 1 differs from that of the DSG. I'm hoping someone can
clarify something for me here since I seem to have overthought this part of
the task.

The task asks the following:
"Configure R8 for VTY access. Create three users. Username "local" password
"ipexpert". If username "local" logs in, outbound telnet sessions should not be
allowed."
Simple enough. I used the following configuration (which achieved the desired
results):

R8(config)#access-list 102 deny tcp any any eq telnet log
R8(config)#username local access-class 102 password ipexpert
R8(config)#line vty 0 4
R8(config-line)#login local

A quick telnet in from R7 clearly shows that this is working, since I'm unable
to telnet back out from R8 when logged in as "local":

R8>telnet 200.0.0.5
Trying 200.0.0.5 ...
% Connections to that host not permitted from this terminal

The DSG shows an even simpler approach using the following:
"access-list 10 deny any" with "username local access-class 10 password
ipexpert"

Cruising around the interweb, I'm seeing that this will also achieve the desired
results by preventing the user from making outbound (telnet|ssh|rlogin)
sessions, so this is the command I should have used. However, because mine
achieved the desired results, would I have lost points here?