IEWB LAB 10 Ver3.0 VOL 1 - TASK 9 (Lock & Key) posted 01/19/2007

 Dear Friends,

The scenario is as below.

R4 (e0/0)<-------------->(FA0/4) SW1( VLAN7)----->

Q) Configure your network so that your administrator must authenticate to
SW1 using the username RDP and the password CISCO prior to using the remote
desktop connection on a Windows server on VLAN 7.
 -  Once he has authenticated to SW1, he alone should be able to access the
server in this manner.
 -  The windows server's IP address is
 -  Remote desktop connection is listening at the default TCP port of 3389.
 -  To avoid a hijacking of the user's active session, ensure that they must
re-authenticate to SW1 every 10 minutes.



username RDP password CISCO

interface Vlan7
 ip address

interface FastEthernet0/4
 no switchport
 ip address
 ip access-group SECURITY in

ip access-list extended SECURITY
 dynamic REMOTE->DESK permit tcp any host eq 3389
 deny   tcp any host eq 3389
 permit ip any any

line vty 0 4
 password cisco
 login local
 autocommand  access-enable host timeout 10


Now the question I have is: will this access-list "SECURITY" I have
configured on SW1 deny telnet access from R4 to SW1 if R4 tries to
telnet to SW1 on port 23?

As per the solution guide, it says that after the above config, other
network admins can no longer telnet to SW1 to manage it remotely.

I am a bit confused here, as the access-list is only blocking access to the
particular IP on the particular port and permitting ip any any.
So this should not block other telnet sessions to SW1.

I am not sure if I am missing anything here. Please advise.
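
An added example, not part of the original post: a first-match model of the posted SECURITY access list and of the temporary entry that `access-enable host timeout 10` creates, so the packet-filtering outcome for RDP and for Telnet can be checked. All addresses are constructed placeholders (the post's addresses are elided), the class and function names are hypothetical, and the timeout is modelled as an idle timer.

```python
# Constructed sample addresses; the post's real addresses are elided.
SERVER = "192.0.2.10"     # hypothetical Windows server on VLAN 7
ADMIN = "198.51.100.5"    # hypothetical administrator workstation
OTHER = "198.51.100.9"    # hypothetical second host
SW1 = "192.0.2.1"         # hypothetical SW1 address
IDLE_TIMEOUT = 10 * 60    # "timeout 10" on access-enable, in seconds


class LockAndKeyAcl:
    """First-match model of the SECURITY ACL with its dynamic entry."""

    def __init__(self):
        self.temp = {}  # source IP -> time the temporary entry was last hit

    def access_enable(self, src, now):
        # Effect of "access-enable host": a temporary permit for this
        # source only, built from the "dynamic" template line.
        self.temp[src] = now

    def check(self, src, dst, proto, dport, now):
        rdp = proto == "tcp" and dst == SERVER and dport == 3389
        # Line 1: dynamic REMOTE->DESK permit tcp any host <server> eq 3389
        last = self.temp.get(src)
        if rdp and last is not None:
            if now - last <= IDLE_TIMEOUT:
                self.temp[src] = now  # a hit resets the idle timer
                return "permit (dynamic)"
            del self.temp[src]  # idle too long: entry is gone
        # Line 2: deny tcp any host <server> eq 3389
        if rdp:
            return "deny"
        # Line 3: permit ip any any
        return "permit (ip any any)"


def demo():
    acl = LockAndKeyAcl()
    out = [acl.check(ADMIN, SERVER, "tcp", 3389, 0)]       # before login
    out.append(acl.check(ADMIN, SW1, "tcp", 23, 0))        # Telnet to SW1
    acl.access_enable(ADMIN, 10)                           # admin authenticates
    out.append(acl.check(ADMIN, SERVER, "tcp", 3389, 20))  # admin RDP
    out.append(acl.check(OTHER, SERVER, "tcp", 3389, 20))  # another host
    out.append(acl.check(ADMIN, SERVER, "tcp", 3389, 20 + IDLE_TIMEOUT + 1))
    return out


if __name__ == "__main__":
    print("\n".join(demo()))
```

The model covers only packet filtering inbound on FastEthernet0/4; what the vty lines do with a session after login (the `autocommand`) is outside it.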