Lock And Key problem

s.debenito
Level 1

Hi,

I am trying to use the lock&key feature on a 2811 router applying the following configuration:

interface fast0/1

ip access-group 101 in

interface vlan2

ip access-group 101 in

access-list 101 permit tcp any host 195.X.X.X eq telnet

access-list 101 dynamic acceso_kalisto permit ip any any

line vty 0 15

autocommand access-enable host timeout 20

exit

username xxx password xxx

Although I have only applied the ACL on 2 interfaces (FastEthernet0/1 and VLAN2), when I try to telnet to the router from another interface (FastEthernet0/0) I get this error message:

% No input access group defined for FastEthernet0/0.

Am I forced to apply an ACL on ALL of the router interfaces for Lock&Key to work? Why?

Thanks in advance.

1 Reply

As you may know, lock-and-key creates a dynamic ACE once the user is authenticated by the router on telnetting into it. If there's no ACL applied on F0/0 then there's no need for this feature to be enabled at all, as all traffic is allowed through this interface. You don't need to apply the ACL on all the interfaces, but apply it on the interfaces that you want to allow the user traffic to traverse only on successful authentication.

HTH

Sundar
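
A way to audit which interfaces lock-and-key actually gates, added here as an example and not part of the original thread. The function name, the state labels and the sample configuration (the question's config plus a FastEthernet0/0 stanza with no inbound ACL) are constructed for illustration; `no-input-acl` marks the interfaces where `access-enable` has no ACL to add its entry to, as in the error from the question.

```python
import re

# Constructed sample: the configuration from the question, plus an
# interface (FastEthernet0/0) that has no inbound ACL applied.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
interface FastEthernet0/1
 ip access-group 101 in
interface Vlan2
 ip access-group 101 in
access-list 101 permit tcp any host 195.X.X.X eq telnet
access-list 101 dynamic acceso_kalisto permit ip any any
line vty 0 15
 autocommand access-enable host timeout 20
"""

def lock_and_key_coverage(config):
    """Map each interface to 'lock-and-key', 'static-acl' or 'no-input-acl'."""
    inbound = {}      # interface name -> inbound ACL id, or None if unfiltered
    dynamic = set()   # ACL ids that contain a dynamic (lock-and-key) entry
    current = None    # most recent interface stanza seen
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            current = m.group(1)
            inbound[current] = None
            continue
        # 'ip access-group' only exists in interface mode, so it belongs
        # to the last interface seen (works with or without indentation).
        m = re.match(r"ip access-group\s+(\S+)\s+in$", line, re.I)
        if m and current:
            inbound[current] = m.group(1)
        m = re.match(r"access-list\s+(\S+)\s+dynamic\s+\S+", line, re.I)
        if m:
            dynamic.add(m.group(1))
    report = {}
    for name, acl in inbound.items():
        if acl is None:
            report[name] = "no-input-acl"   # traffic passes unfiltered here
        elif acl in dynamic:
            report[name] = "lock-and-key"   # gated until authentication
        else:
            report[name] = "static-acl"     # filtered, but no dynamic entry
    return report

if __name__ == "__main__":
    for name, state in lock_and_key_coverage(SAMPLE_CONFIG).items():
        print(f"{name:20} {state}")
```

Any interface reported as `no-input-acl` forwards traffic without authentication, so review whether that is intended before relying on lock-and-key elsewhere on the router.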
