From: Yasser Aly (blackyeyes00@hotmail.com)
Date: Mon Feb 09 2004 - 22:51:10 GMT-3
Hello,
I need your help in understanding Lock-and-Key ACLs, as I am confused about
some of the terms.
Considering the following example:
-----------------
username name password password
interface ethernet0
 ip address 172.18.23.9 255.255.255.0
 ip access-group 101 in
access-list 101 permit tcp any host 172.18.23.2 eq telnet
access-list 101 dynamic mytestlist timeout 120 permit ip any any
line vty 0
 login local
 autocommand access-enable timeout 5
----------------
I have the following questions:
1- The permitted destination to telnet to is 172.18.23.2; shouldn't this IP
be the IP defined on the ethernet interface? If not, then kindly explain.
2- If the user will be logged off automatically once logged in successfully
to the router and the dynamic ACL entry has been created, what does the
timeout 5 represent in the autocommand?
3- What are the units of the timeout defined in the autocommand and
access-list commands? Is it seconds or minutes?
4- Will the dynamic entry expire after a pre-defined time (5 or 120 ???)
whether or not the user is doing any activity, like allowing the user to
access the resources for 5 minutes and then removing the ACL entry, or will
this idle timeout be counted as a real idle timeout of non-activity from the
user?
Thanks for your help.
Regards,
Yasser
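
The two timers in the configuration above, replayed as a small model; this is an added example, not part of the original post and not Cisco code. It assumes the semantics in Cisco's command reference: both values are minutes, `timeout 120` on the dynamic access-list line is an absolute lifetime, `timeout 5` on `access-enable` is an idle timer reset by matching traffic, and the optional `host` keyword of `access-enable` (not used in the post) narrows the entry to the authenticating source. The 10.0.0.x addresses, the event list and the exact expiry boundary are constructed for illustration.

```python
from dataclasses import dataclass

ABSOLUTE_MIN = 120  # "timeout 120" on the access-list 101 dynamic line
IDLE_MIN = 5        # "timeout 5" on the autocommand access-enable line


@dataclass
class DynamicEntry:
    created: int   # minute at which access-enable ran
    last_hit: int  # minute of the last packet that matched this entry
    source: str    # "any" (template as written) or one host address

    def expired(self, now):
        # The entry is removed when either timer runs out, whichever is first.
        return (now - self.created >= ABSOLUTE_MIN
                or now - self.last_hit >= IDLE_MIN)

    def matches(self, src):
        return self.source in ("any", src)


def replay(events, use_host):
    """Replay (minute, kind, src) events; kind is 'auth' or 'pkt'.

    'auth' is a successful Telnet login that triggers access-enable.
    'pkt' is non-Telnet traffic arriving inbound on ethernet0.
    Returns a (minute, src, verdict) tuple for every 'pkt' event.
    """
    entries, verdicts = [], []
    for minute, kind, src in events:
        entries = [e for e in entries if not e.expired(minute)]
        if kind == "auth":
            source = src if use_host else "any"
            entries.append(DynamicEntry(minute, minute, source))
            continue
        hit = next((e for e in entries if e.matches(src)), None)
        if hit:
            hit.last_hit = minute  # matching traffic restarts the idle timer
        verdicts.append((minute, src, "permit" if hit else "deny"))
    return verdicts


# Constructed sample: one login, then traffic from that host and from another.
SAMPLE = [(0, "auth", "10.0.0.5"), (2, "pkt", "10.0.0.5"),
          (4, "pkt", "10.0.0.99"), (6, "pkt", "10.0.0.5"),
          (12, "pkt", "10.0.0.5")]

if __name__ == "__main__":
    for use_host in (False, True):
        print("host keyword:", use_host, replay(SAMPLE, use_host))
```

Without `host`, the packet from 10.0.0.99 at minute 4 is permitted by the entry another user opened; in both runs the packet at minute 12 is denied because the entry sat idle for more than 5 minutes.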