From: John Edom (jedom123@gmail.com)
Date: Fri Jan 16 2009 - 02:01:59 ARST
Thanks Yandy, tell me timeout that we can see in "show access-list", is this
timeout that we configured with autocommand ? if yes then how we can see
absolute timeout ?
Regards
On Fri, Jan 16, 2009 at 7:55 AM, Yandy Ramirez <yandyr@gmail.com> wrote:
> The autocommand timeout is an idle timeout (inactivity), the timeout in the
> access-list is an absolute timeout, over all session time out. you need at
> least one of those, otherwise the session will remain open even after
> logging out or inactivity. Only being able to remove by logging in and
> manually removing the ACL entry created.
>
> yandy
>
>
> On Thu, Jan 15, 2009 at 10:37 PM, CiSco Champ <cischamp2009@gmail.com
> >wrote:
>
> > hi experts,
> >
> > In dynamic acl configuration, there are two timeouts, can you one
> explain.
> > I
> > thing one is for total session and other for idle
> >
> > username ccie password 0 cisco
> > username ccie autocommand access-enable host *timeout 2*
> >
> > access-list 101 dynamic DYN *timeout 5* permit tcp 192.168.1.0 0.0.0.255
> > any
> > eq telnet
> >
> >
> > Regards
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:38 ARST