access-enable — command
access-enable [host] [timeout
Creates an entry in a dynamic access list
This command enables the Lock and Key feature
. It allows an entry to be made in a dynamic access list for the current session. The
host keyword is optional; it tells the access list to allow access only from the host that initiated the session. The
timeout option specifies the time in
minutes, after which the access list entry is deleted if no traffic matching the entry is seen. In other words, if the connection is idle for the given time, the entry in the access list is deleted and the user must re-authenticate.
access-enable is often used with
autocommand to create a dynamic access list for an incoming telnet session.
This example creates a dynamic access list for the host that made the connection. The access list times out after five minutes.
autocommand access-enable host timeout 5
To make use of this entry, there must be an extended access list like the following:
access-list 110 dynamic incoming-user timeout 5 permit ip any any
This list must be applied to any interfaces that support dial-in users. The
permit part of the statement controls the incoming user’s access to network resources. The timeout in the
access-list command is absolute; the temporary entry exists only for the given number of minutes. It overrides the timeout in the