Name
access-enable — command
Synopsis
access-enable [host] [timeout minutes]Configures
Creates an entry in a dynamic access list
Default
None
Description
This command enables the Lock and Key feature. It allows an
entry to be made in a dynamic access list for the current
session. The host keyword is optional; it tells
the access list to allow access only from the host that initiated the
session. The timeout option specifies the time in
minutes after which the access list entry
is deleted if no traffic matching the entry is seen. In other words,
if the connection is idle for the given time, the entry in the access
list is deleted and the user must re-authenticate.
access-enable is often used with
autocommand to create a dynamic access list for an
incoming telnet
session.
Example
This example creates a dynamic access list for the host that made the connection. The access list times out after five minutes.
autocommand access-enable host timeout 5
To make use of this entry, there must be an extended access list like the following:
access-list 110 dynamic incoming-user timeout 5 permit ip any any
This list must be applied to any interfaces that support dial-in
users. The permit part of the statement controls
the incoming user’s access to network resources. The timeout in
the access-list command is absolute; the temporary
entry exists only for the given number of minutes. It overrides the
timeout in the access-enable command.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access