Name
access-enable — command
Synopsis
access-enable [host] [timeout minutes]Configures
Creates an entry in a dynamic access list
Default
None
Description
This command enables the Lock and Key feature
. It allows an entry to be made in a dynamic access list for the current session. The host keyword is optional; it tells the access list to allow access only from the host that initiated the session. The timeout option specifies the time in minutes, after which the access list entry is deleted if no traffic matching the entry is seen. In other words, if the connection is idle for the given time, the entry in the access list is deleted and the user must re-authenticate.
access-enable is often used with autocommand to create a dynamic access list for an incoming telnet session.
Example
This example creates a dynamic access list for the host that made the connection. The access list times out after five minutes.
autocommand access-enable host timeout 5
To make use of this entry, there must be an extended access list like the following:
access-list 110 dynamic incoming-user timeout 5 permit ip any any
This list must be applied to any interfaces that support dial-in users. The permit part of the statement controls the incoming user’s access to network resources. The timeout in the access-list command is absolute; the temporary entry exists only for the given number of minutes. It overrides the timeout in the access-enable command.