Re: Lock&key access-list idle timeout

From: David Ankers (d.ankers@xxxxxxxxx)
Date: Tue Feb 13 2001 - 08:32:40 GMT-3

• Next message: Chan, Echo: "RE: SAR DELAY"
• Previous message: McCallum, Robert: "SAR DELAY"
• Maybe in reply to: zhuqingliu: "Lock&key access-list idle timeout"
• Next in thread: Les Hardin: "Re: Lock&key access-list idle timeout"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Yeap, traffic from users will never reset the absolute timeout, that's what
the absolute means. Regardless of what the user is doing, the dynamic entry
will be removed in your example after 15 mins. So as you say the user will
have to login to the router again. What you are looking for is an idle timer
as far as *I* know these do not exist with lock & key.

On Monday 12 February 2001 12:50, zhuqingliu wrote:
> Hi, Dave,
>
> You mean that to reset the idle timeout people must login in the
> router again? If yes, then the absolute timeout will be meaningless.
 In my
> opinion, traffic from the user will reset the idle timeout. But the lab
> tell me it is not true. Thanks.
>
> Regards,
> Perry
>
>
> ----- Original Message -----
> From: David Ankers <d.ankers@chello.nl>
> To: zhuqingliu <zql@liming.com>; <ccielab@groupstudy.com>
> Sent: Monday, February 12, 2001 9:39 PM
> Subject: Re: Lock&key access-list idle timeout
>
>
>
> > Depends what you mean by time out you have got two configured, a 15 mins
> >
 absolute time out which will remove the entry regardless after 15mins
> > and a login timeout of 3 mins, which says if a login is successful, the
> > user has 3 mins to activate the dynamic entry before having to log in
> > again.
> > If you want 15 mins as the absolute, your config looks fine.
> >
> > Dave.
> >
> >
> > On Monday 12 February 2001 02:16, zhuqingliu wrote:
> >
> > > Hi, all
> > >
> > > The lock&key access-list idle timeout doesn't take effectivly.
> > > ===========================================
> > > username zql password 0 liming
> > > !
> > > access-list 168 permit tcp any host 132.3.3.3 eq telnet
> > > access-list 168 permit ospf any any
> > > access-list 168 permit tcp any eq bgp any
> > > access-list 168 permit tcp any any eq bgp
> > > access-list 168 permit tcp any eq 2065 any
> > > access-list 168 permit tcp any any eq 2065
> > > access-list 168 dynamic testlist timeout 15 permit ip any any
> > > !
> > > line vty 0 4
> > > password cisco
> > > autocommand access-enable host timeout 3
> > > ===========================================
> > > The dynamic access list will timeout within 3 minutes.
> > >
> > > IOS version is: 12.0(14)
> > >
> > >
> > >
> > > Best regards
> > > Perry.Zhu
> > >
> > >

• Next message: Chan, Echo: "RE: SAR DELAY"
• Previous message: McCallum, Robert: "SAR DELAY"
• Maybe in reply to: zhuqingliu: "Lock&key access-list idle timeout"
• Next in thread: Les Hardin: "Re: Lock&key access-list idle timeout"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:46 GMT-3