configure terminal ! access-list 101 permit tcp any host 10.1.2.2 eq telnet access-list 101 dynamic MARKET timeout 3 permit ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255 access-list 101 permit eigrp any any ! ! telnet session established again, extends absolute timeout +6 miniutes. access-list dynamic-extended ! username john password ccie1234 username fred password ccie5678 username john autocommand access-enable host timeout 1 username fred autocommand access-enable host timeout 2 ! line vyt 0 15 login local ! interface GigabitEthernet 0/1 ip access-group 101 in ! end
ping 192.168.0.3 source Lo0 ping 192.168.0.3 source Lo1 telnet 10.1.2.2 /source-interface Lo0 ping 192.168.0.3 source Lo0 ping 192.168.0.3 source Lo1 telnet 10.1.2.2 /source-interface Lo1 ping 192.168.0.3 source Lo1
show access-lists
If
access-list dynamic-extended
enabled, telnet again
! First authentication by fred telnet 10.1.2.2 /source-interface Lo0 ! Second authentication by fred telnet 10.1.2.2 /source-interface Lo0
extends 6 minutes
% List#101-MARKET absolute timer is extended
but absolute timeout not extended…. why…
Needs physical equipment lab?