Re: dynamic acl (absolute timeout)

From: Daniel Kutchin (daniel@kutchin.com)
Date: Sun Oct 30 2005 - 20:27:00 GMT-3


Let's not confuse the poor guy!

According to the link

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#lockandkey

--- Quote begins ---

This is a basic example of lock and key.
username test password 0 test

!--- 10 (minutes) is the idle timeout.

username test autocommand access-enable host timeout 10

interface Ethernet0/0
  ip address 10.1.1.1 255.255.255.0
  ip access-group 101 in

access-list 101 permit tcp any host 10.1.1.1 eq telnet

!--- 15 (minutes) is the absolute timeout.

access-list 101 dynamic testlist timeout 15 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255

--- Quote ends ---

You will never see the absolute timeout displayed by "sho access-list". Just
the idle timeout.

---
Daniel

----- Original Message -----
From: "Dave Temkin" <dave@ordinaryworld.com>
To: "George Cosmo" <george.cosmo@gmail.com>
Cc: "Cisco certification" <ccielab@groupstudy.com>
Sent: Sunday, October 30, 2005 11:58 PM
Subject: Re: dynamic acl (absolute timeout)

The timeout specified on the username blah access-enable is the absolute timeout.

You then specify an idle timeout on the dynamic test2 permit any any timeout (it defaults to 300 seconds).

-Dave

On Sun, 30 Oct 2005, George Cosmo wrote:

> Router(config)#access-list 184 dynamic test2 timeout ?
> *<1-9999> Maximum time to live* -------->* is this in minutes . as per explanation *
>
> then how do i read this:
>
> Router#sh access-lists 184
> Extended IP access list 184
> permit tcp any host x.x.x.x eq telnet (80 matches)
> Dynamic test2 permit ip any any
> *permit ip any any (40 matches) (time left 277) --> i have noticed it always starts at 300 ( what is this value)*
>
> is the time left in seconds? or if it is seconds, i should see this start at
> 600 sec, as I have set absolute timeout to 10 min.
>
> any ideas??
>
> thanks in advance !!!!
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:55 GMT-3