Section 10 – IP Services – 4 Points
Configure your network so that telnet sessions from r6 can reach other routers by their DNS names. This sounds like a simple matter of just assigning host names to the routers’ loopback addresses. But they also specify a DNS server IP address. There’s also this:
“This configuration should not affect any other [than vty 0 4] lines on r6”
The solution is very simple:
r6(config)#ip name-server 18.104.22.168
And then it gets weird:
r6(config)#line con 0
r6(config-line)#transport preferred none
I say weird because one of the requirements is “if a user mistypes a command while on the console port it should not try to look it up in DNS.” Generally, “no ip domain-lookup” takes care of this. It turns out that “transport preferred none” will handle this as well, but at the line level. So as long as you are connected via the console port you’ll be fine. Turning on “ip domain-lookup” globally will ensure that all other users (not on the console port) will endure the frustration of DNS lookups for fat-fingered commands.
10.2 Local Authorization
Configure r6 so that NOC users log in (via telnet) at privilege level 2 and can only see the running configuration for hostname, interfaces, interface encapsulations, and any IP access-lists applied to interfaces.
r6(config)#username NOC privilege 2 password CISCO
r6(config-line)#do sh run | sec vty
line vty 0 4
r6(config)#line vty 0 4
Now to configure what options privilege level 2 users can see:
privilege interface level 2 ip access-group
privilege interface level 2 ip <- IOS added this
privilege interface level 2 encapsulation
privilege configure level 2 interface
privilege configure level 2 hostname
privilege exec level 2 show running-config
privilege exec level 2 show <- IOS added this
Testing it out:
Trying 22.214.171.124 … Open
User Access Verification
Current privilege level is 2
Current configuration : 204 bytes
interface Serial0/0.1 multipoint
That looks right except for the encapsulation. s0/0 is configured for Frame-Relay and that should show up. If I changed it to “privilege interface level 2 encapsulation frame-relay” then it would work.
I also don’t understand why IE did not set up a NOC username and login local under the vty line.
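The following Python audit is an added example, not part of the original post or the IE solution. It parses a running-config and reports, for each local user, which commands have been lowered to that user's privilege level or below and which vty lines lack "login local". The sample config is constructed from the commands above with "login local" assumed under vty 0 4, and the check assumes AAA new-model is not in use.

```python
import re
from collections import defaultdict

# Constructed config: the commands shown on this page, plus an assumed
# "login local" under the vty lines (not visible in the captured output).
SAMPLE_CONFIG = """\
hostname r6
username NOC privilege 2 password CISCO
privilege interface level 2 ip access-group
privilege interface level 2 ip
privilege interface level 2 encapsulation
privilege configure level 2 interface
privilege configure level 2 hostname
privilege exec level 2 show running-config
privilege exec level 2 show
line con 0
 transport preferred none
line vty 0 4
 login local
"""

def parse(config):
    """Return (users, grants, lines) from IOS running-config text."""
    users, grants, lines = {}, defaultdict(list), defaultdict(list)
    current = None
    for raw in config.splitlines():
        if m := re.match(r"username (\S+) privilege (\d+)", raw):
            users[m[1]] = int(m[2])
        elif m := re.match(r"privilege (\S+) level (\d+) (.+)", raw):
            grants[int(m[2])].append((m[1], m[3].strip()))
        elif m := re.match(r"line (.+)", raw):
            current = m[1].strip()
            lines[current]  # register the line even if it has no subcommands
        elif raw.startswith(" ") and current:
            lines[current].append(raw.strip())
        else:
            current = None
    return users, grants, lines

def audit(config):
    """Per user: commands lowered to <= their level, and vty lines without 'login local'."""
    users, grants, lines = parse(config)
    report = {}
    for name, level in users.items():
        cmds = sorted(c for lvl, cs in grants.items() if lvl <= level for c in cs)
        no_local = sorted(l for l, sub in lines.items()
                          if l.startswith("vty") and "login local" not in sub)
        report[name] = {"level": level, "commands": cmds, "vty_without_login_local": no_local}
    return report
```

Commands left at their default level 1 are not listed, since the report covers only what the privilege statements changed.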