RE: Dynamic ACL timeout

From: David Hurtado (dei2viccie@hotmail.com)
Date: Tue Mar 09 2004 - 10:12:15 GMT-3

• Next message: Wright, Jeremy: "RE: bgp books"
• Previous message: istong@stong.org: "RE: bgp books"
• Maybe in reply to: David Hurtado: "Dynamic ACL timeout"
• Next in thread: Gregory W. Posey Jr.: "RE: Dynamic ACL timeout"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello Jonathan,

There are two tiemouts: idle and absolute timeouts.

Idle timeout: If the access list entry is not accessed within this period,
it is automatically deleted and requires the user to authenticate again.

Absolute timeout:Specifies the absolute length of time, in minutes, that a
temporary access list entry can remain in a dynamic access list.

So if i want to make the user authenticate every 10 minutes (independently
of if the entry is accessed or not), i will have to use the absolute timeout
in the dynamic ACL.

Please correct me.

Thanks.

>From: "Jonathan Hays" <nomad@gfoyle.org>
>Reply-To: "Jonathan Hays" <nomad@gfoyle.org>
>To: <ccielab@groupstudy.com>
>Subject: RE: Dynamic ACL timeout
>Date: Mon, 8 Mar 2004 20:56:49 -0500
>
>you wrote:
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> >Behalf Of David Hurtado
> >Sent: Monday, March 08, 2004 2:30 PM
> >To: ccielab@groupstudy.com
> >Subject: Dynamic ACL timeout
> >
> >
> >If you are asked to use Dynaminc ACL, ensuring that the user must
> >authenticate every 10 minutes, where do you establish the
> >timeout of 10
> >minutes:
> >
> >access-list 101 dynamic dinamico timeout 10 permit ip any any
> >
> >or in:
> >
> >autocommand access-enable timeout 10
> >
> >Probably both are valid, but i would like to be sure.
> >
> >Thanks a lot for the help
>= = =
>
>You need to read the Configuration Guide a little more carefully for
>'access enable' and 'access-list'. One timeout is an idle timeout and
>the other absolute timeout.
>
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/
>fsecur_c/ftrafwl/scflock.htm#1001078
>
>HTH,
>
>Jonathan
>
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>http://shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

• Next message: Wright, Jeremy: "RE: bgp books"
• Previous message: istong@stong.org: "RE: bgp books"
• Maybe in reply to: David Hurtado: "Dynamic ACL timeout"
• Next in thread: Gregory W. Posey Jr.: "RE: Dynamic ACL timeout"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:16 GMT-3