PG1X WIKI


This is an old revision of the document!


WIP: Cisco: Dynamic ACLs: Lock and Key

configure terminal
!
access-list 101 permit tcp any host 10.1.2.2 eq telnet
access-list 101 dynamic MARKET timeout 3 permit ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 101 permit eigrp any any
!
! When a telnet session is established again, extends the absolute timeout by 6 minutes.
access-list dynamic-extended
!
username john password ccie1234
username fred password ccie5678
username john autocommand access-enable host timeout 1
username fred autocommand access-enable host timeout 2
!
line vty 0 15
 login local
!
interface GigabitEthernet 0/1
 ip access-group 101 in
!
end

ping 192.168.0.3 source Lo0
ping 192.168.0.3 source Lo1
telnet 10.1.2.2 /source-interface Lo0
ping 192.168.0.3 source Lo0
ping 192.168.0.3 source Lo1
telnet 10.1.2.2 /source-interface Lo1
ping 192.168.0.3 source Lo1
show access-lists

If access-list dynamic-extended is enabled, telnet again:

telnet 10.1.2.2 /source-interface Lo0
telnet 10.1.2.2 /source-interface Lo0

Extends by 6 minutes:

% List#101-MARKET absolute timer is extended

But the absolute timeout is not extended... why?
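
An added example, not part of the original page: a small Python audit of the lock-and-key lines above, checking the settings that decide how wide and how long the dynamic entry stays open (the `host` keyword on `access-enable`, the idle timeout against the template's absolute timeout, and `password` versus `secret`). The function name `audit`, the rule set and the severity labels are assumptions made for this illustration.

```python
import re

# Lock-and-key lines from the page (vty typo corrected); the audit rules are added here.
CONFIG = """\
access-list 101 permit tcp any host 10.1.2.2 eq telnet
access-list 101 dynamic MARKET timeout 3 permit ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list dynamic-extended
username john password ccie1234
username fred password ccie5678
username john autocommand access-enable host timeout 1
username fred autocommand access-enable host timeout 2
line vty 0 15
 login local
"""

def audit(config):
    """Return (severity, message) findings for a lock-and-key configuration."""
    findings = []
    # Absolute timeouts in minutes, from "access-list N dynamic NAME timeout M".
    absolute = [int(t) for t in re.findall(
        r"^access-list \d+ dynamic \S+ timeout (\d+)", config, re.M)]
    for user, rest in re.findall(
            r"^username (\S+) autocommand access-enable(.*)$", config, re.M):
        # Without "host", the temporary entry uses the template's full source range.
        if "host" not in rest.split():
            findings.append(("high", f"{user}: access-enable lacks 'host'"))
        # Idle timeout in minutes, from "access-enable ... timeout M".
        m = re.search(r"\btimeout (\d+)", rest)
        idle = int(m.group(1)) if m else None
        if idle is None and not absolute:
            # With neither timer set, the temporary entry stays until removed by hand.
            findings.append(("high", f"{user}: no idle or absolute timeout"))
        elif idle is not None and absolute and idle >= min(absolute):
            findings.append(("warn", f"{user}: idle {idle} >= absolute {min(absolute)}"))
    # "password" keeps the credential recoverable in the config; "secret" hashes it.
    for user in re.findall(r"^username (\S+) password ", config, re.M):
        findings.append(("warn", f"{user}: uses 'password' instead of 'secret'"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(CONFIG):
        print(severity, message)
```

On the configuration as written, only the two `password` findings are reported: both users carry `host`, and their idle timeouts (1 and 2 minutes) are below the 3-minute absolute timeout.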


tech/network/cisco/security/network-security/acl/dynamic-acl-lock-and-key/dynamic-acl-lock-and-key.1598771727.txt.gz · Last modified: 2020/08/30 16:15 by wnoguchi