Cisco Support Community

Lock And Key problem

Hi,

I am trying to use the lock&key feature on a 2811 router applying the following configuration:

interface fast0/1
 ip access-group 101 in
interface vlan2
 ip access-group 101 in
access-list 101 permit tcp any host 195.X.X.X eq telnet
access-list 101 dynamic acceso_kalisto permit ip any any
line vty 0 15
 autocommand access-enable host timeout 20
 exit
username xxx password xxx

Although I have only applied the ACL on 2 interfaces (FastEthernet0/1 and VLAN2), when I try to telnet to the router from another interface (FastEthernet0/0) I get this error message:

% No input access group defined for FastEthernet0/0.

Am I forced to apply an ACL on ALL of the router interfaces for Lock&Key to work? Why?

Thanks in advance.

1 REPLY

Re: Lock And Key problem

As you may know, lock-and-key creates a dynamic ACE once the user is authenticated by the router on telnetting into it. If there's no ACL applied on F0/0 then there's no need for this feature to be enabled at all, as all traffic is allowed through this interface. You don't need to apply the ACL on all the interfaces, but apply it on the interfaces that you want to allow the user traffic to traverse only on successful authentication.

HTH

Sundar
