|
|
This chapter describes the function and displays the syntax for lock-and-key commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Security Command Reference.
To enable the router to create a temporary access list entry in a dynamic access list, use the access-enable EXEC command.
access-enable [host] [timeout minutes]| host | (Optional) Tells the software to enable access only for the host from which the Telnet session originated. If not specified, the software allows all hosts on the defined network to gain access. The dynamic access list contains the network mask to use for enabling the new network. |
| timeout minutes | (Optional) Specifies an idle timeout for the temporary access list entry. If the access list entry is not accessed within this period, it is automatically deleted and requires the user to authenticate again. The default is for the entries to remain permanently. We recommend that this value equal the idle timeout set for the WAN connection. |
To manually place a temporary access list entry on a router to which you are connected, use the access-template EXEC command.
access-template [access-list-number | name] [dynamic-name] [source] [destination] [timeout minutes]| access-list-number | Number of the dynamic access list. |
| name | Name of an IP access list. The name cannot contain a space or quotation mark, and must begin with an alphabetic character to avoid ambiguity with numbered access lists. |
| dynamic-name | (Optional) Name of a dynamic access list. |
| source | (Optional) Source address in a dynamic access list. The keywords host and any are allowed. All other attributes are inherited from the original access-list entry. |
| destination | (Optional) Destination address in a dynamic access list. The keywords host and any are allowed. All other attributes are inherited from the original access-list entry. |
| timeout minutes | (Optional) Specifies a maximum time limit for each entry within this dynamic list. This is an absolute time, from creation, that an entry can reside in the list. The default is an infinite time limit and allows an entry to remain permanently. |
To manually clear a temporary access list entry from a dynamic access list, use the clear access-template EXEC command.
clear access-template [access-list-number | name] [dynamic-name] [source] [destination]| access-list-number | (Optional) Number of the dynamic access list from which the entry is to be deleted. |
| name | Name of an IP access list from which the entry is to be deleted. The name cannot contain a space or quotation mark, and must begin with an alphabetic character to avoid ambiguity with numbered access lists. |
| dynamic-name | (Optional) Name of the dynamic access list from which the entry is to be deleted. |
| source | (Optional) Source address in a temporary access list entry to be deleted. |
| destination | (Optional) Destination address in a temporary access list entry to be deleted. |
To display the active accounting or checkpointed database or to display access list violations, use the show ip accounting privileged EXEC command.
show ip accounting checkpoint] [output-packets | access-violations]| checkpoint | (Optional) Indicates that the checkpointed database should be displayed. |
| output-packets | (Optional) Indicates that information pertaining to packets that passed access control and were successfully routed should be displayed. This is the default value if neither output-packets nor access-violations is specified. |
| access-violations | (Optional) Indicates that information pertaining to packets that failed access lists and were not routed should be displayed. |
|
|