GroupStudy.com - A virtual community of network engineers
IEWB LAB 10 Ver3.0 VOL 1 - TASK 9 (Lock & Key) posted 01/19/2007


 Dear Friends,

The scenario is as below.

R4 (e0/0)<-------------->(FA0/4) SW1( VLAN7)----->164.1.7.0/24
               164.1.47.0


Q) Configure your network so that your administrator must authenticate to
SW1 using the username RDP and the password CISCO prior to using the remote
desktop connection on a Windows server on VLAN 7.
 -  Once he has authenticated to SW1, he alone should be able to access the
server in this manner.
 -  The Windows server's IP address is 164.1.7.100.
 -  Remote desktop connection is listening at the default TCP port of 3389.
 -  To avoid a hijacking of the user's active session, ensure that they must
re-authenticate to SW1 every 10 minutes.

A)

   SW1#

username RDP password CISCO

 interface Vlan7
 ip address 164.1.7.7 255.255.255.0


interface FastEthernet0/4
 no switchport
 ip address 164.1.47.7 255.255.255.0
 ip access-group SECURITY in

ip access-list extended SECURITY
 dynamic REMOTE->DESK permit tcp any host 164.1.7.100 eq 3389
 deny   tcp any host 164.1.7.100 eq 3389
 permit ip any any


line vty 0 4
 password cisco
 login local
 autocommand  access-enable host timeout 10

-------------------------------------------------------------------------------

Now the question I have is: will this access-list "SECURITY" I have
configured on SW1 deny telnet access from R4 to SW1 if R4 tries to
telnet to SW1 on 164.1.47.7 port 23?

As per the solution guide, it says that after the above config, other
network admins can no longer telnet to SW1 to manage it remotely.

I am a bit confused here, as the access-list is only blocking access to the
particular IP on the particular port and permitting ip any any.
So this should not block other telnet sessions to SW1.

I am not sure if I am missing anything here. Please advise.
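
Added example, not part of the original post or the solution guide: in the configuration above, the ACL's `permit ip any any` still lets Telnet reach 164.1.47.7, but `autocommand` on `line vty 0 4` runs `access-enable` for every session on those lines and then closes the session, so nobody gets an exec prompt. One way to keep remote management is to bind the autocommand to the RDP user instead of the lines. The `ADMIN` account and `<admin-secret>` are hypothetical placeholders.

```cisco
! Added example; ADMIN and <admin-secret> are hypothetical placeholders.
username RDP password CISCO
! autocommand is tied to the RDP user only: that login opens the dynamic
! entry for the source host and the session then closes.
! The timeout on access-enable is an idle timer in minutes; an absolute
! limit is set with "timeout" on the dynamic ACL entry instead.
username RDP autocommand access-enable host timeout 10
username ADMIN privilege 15 secret <admin-secret>
!
interface Vlan7
 ip address 164.1.7.7 255.255.255.0
!
interface FastEthernet0/4
 no switchport
 ip address 164.1.47.7 255.255.255.0
 ip access-group SECURITY in
!
ip access-list extended SECURITY
 dynamic REMOTE->DESK permit tcp any host 164.1.7.100 eq 3389
 deny   tcp any host 164.1.7.100 eq 3389
 permit ip any any
!
! No autocommand on the lines, so other local users get a normal exec session.
line vty 0 4
 login local
```

After the RDP user authenticates, `show ip access-lists SECURITY` lists a temporary permit entry for that source host under the dynamic entry, while a login as the other local user stays at the exec prompt.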