O'Reilly logo

Cisco IOS in a Nutshell, 2nd Edition by James Boney

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Name

access-enable — command

Synopsis

access-enable [host] [timeout minutes]

Configures

Creates an entry in a dynamic access list

Default

None

Description

This command enables the Lock and Key feature . It allows an entry to be made in a dynamic access list for the current session. The host keyword is optional; it tells the access list to allow access only from the host that initiated the session. The timeout option specifies the time in minutes, after which the access list entry is deleted if no traffic matching the entry is seen. In other words, if the connection is idle for the given time, the entry in the access list is deleted and the user must re-authenticate.

access-enable is often used with autocommand to create a dynamic access list for an incoming telnet session.

Example

This example creates a dynamic access list for the host that made the connection. The access list times out after five minutes.

autocommand access-enable host timeout 5

To make use of this entry, there must be an extended access list like the following:

access-list 110 dynamic incoming-user timeout 5 permit ip any any

This list must be applied to any interfaces that support dial-in users. The permit part of the statement controls the incoming user’s access to network resources. The timeout in the access-list command is absolute; the temporary entry exists only for the given number of minutes. It overrides the timeout in the access-enable command.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required