Lock and key, also known as dynamic ACLs, was introduced in
Cisco IOS Software Release 11.1. This feature depends on Telnet,
authentication (local or remote), and extended ACLs.
Lock and key configuration starts with the application of an
extended ACL that blocks traffic through the router. Users who want
to traverse the router are blocked by the extended ACL until they Telnet
to the router and are authenticated. The Telnet connection then drops
and a single-entry dynamic ACL is added to the existing extended ACL.
This permits traffic for a limited time: an idle timeout (reset by
matching traffic) and an absolute timeout (counted from creation) are both possible.
This is the command syntax format for lock and key configuration with local authentication.
username user-name password password
interface
ip access-group {number|name} {in|out}
The single-entry ACL in this command is dynamically added to the existing ACL after authentication.
access-list access-list-number dynamic name {permit|deny} [protocol]
{source source-wildcard|any} {destination destination-wildcard|any}
[precedence precedence] [tos tos] [established] [log|log-input]
[operator destination-port|destination port]
line vty line_range
login local
This is a basic example of lock and key.
username test password 0 test
!--- Ten (minutes) is the idle timeout.
username test autocommand access-enable host timeout 10
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 101 in
access-list 101 permit tcp any host 10.1.1.1 eq telnet
!--- 15 (minutes) is the absolute timeout.
access-list 101 dynamic testlist timeout 15 permit ip 10.1.1.0 0.0.0.255
172.16.1.0 0.0.0.255
line vty 0 4
login local
After the user at 10.1.1.2 makes a Telnet connection to
10.1.1.1 and logs in as test, the dynamic ACL is applied. The connection is then
dropped, and the user can reach the 172.16.1.x network. The host keyword on
access-enable replaces the source of the dynamic entry with the address of the
authenticating host, so the temporary entry permits only 10.1.1.2, not the whole
10.1.1.0/24 range named in the dynamic statement.
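The following is an added simulation, not Cisco code or anything from the original page, of how access list 101 above is evaluated once lock and key is in play: the static Telnet entry, the per-host temporary entry created after authentication, the idle timer that matching traffic resets, the absolute timer that it does not, and the implicit deny at the end. Time is a simulated clock in minutes passed in by the caller; the class names, the walkthrough function and the 10.1.1.3 second host are assumptions made for the example.

```python
"""Simulated lock-and-key (dynamic ACL) evaluation for the ACL 101 example.

Constructed example, not Cisco code. It models:
  access-list 101 permit tcp any host 10.1.1.1 eq telnet
  access-list 101 dynamic testlist timeout 15 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
  username test autocommand access-enable host timeout 10   (idle timeout, minutes)
Times are simulated minutes supplied by the caller.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import List, Optional


def wildcard_match(addr: str, net: str, wildcard: str) -> bool:
    """Cisco wildcard match: bits set in the wildcard are 'do not care' bits."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(net)) & care


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass
class TempEntry:
    """Single temporary entry that access-enable creates after a successful login."""
    host: str          # authenticated Telnet source; 'host' keyword narrows the source to it
    created: float     # simulated minute the entry was created (absolute timer)
    last_hit: float    # simulated minute of the last matching packet (idle timer)


@dataclass
class LockAndKeyAcl:
    router_ip: str = "10.1.1.1"
    inside_net: str = "10.1.1.0"
    inside_wc: str = "0.0.0.255"
    target_net: str = "172.16.1.0"
    target_wc: str = "0.0.0.255"
    idle_timeout: float = 10.0      # access-enable host timeout 10
    absolute_timeout: float = 15.0  # access-list 101 dynamic testlist timeout 15
    temps: List[TempEntry] = field(default_factory=list)

    def authenticate(self, host: str, now: float) -> bool:
        """Telnet + login local succeeded for `host`: install its temporary entry.
        Only a source that matches the dynamic statement's source range can open the ACL."""
        if not wildcard_match(host, self.inside_net, self.inside_wc):
            return False
        self.temps = [t for t in self.temps if t.host != host]
        self.temps.append(TempEntry(host=host, created=now, last_hit=now))
        return True

    def _expire(self, now: float) -> None:
        """Drop entries past either timer; the absolute timer is not reset by traffic."""
        self.temps = [t for t in self.temps
                      if now - t.created < self.absolute_timeout
                      and now - t.last_hit < self.idle_timeout]

    def permits(self, pkt: Packet, now: float) -> bool:
        # Entry 1: permit tcp any host 10.1.1.1 eq telnet, so users can reach the router to log in
        if pkt.proto == "tcp" and pkt.dst == self.router_ip and pkt.dport == 23:
            return True
        # Entry 2: temporary entries derived from the dynamic statement (source = authenticated host)
        self._expire(now)
        for t in self.temps:
            if pkt.src == t.host and wildcard_match(pkt.dst, self.target_net, self.target_wc):
                t.last_hit = now  # matching traffic resets only the idle timer
                return True
        # Implicit deny at the end of every ACL
        return False


def walkthrough() -> dict:
    """Replay the scenario from the text and return the decision at each step."""
    acl = LockAndKeyAcl()
    web = Packet("tcp", "10.1.1.2", "172.16.1.5", 80)        # constructed: user -> 172.16.1.x
    telnet = Packet("tcp", "10.1.1.2", "10.1.1.1", 23)         # constructed: user -> router vty
    other = Packet("tcp", "10.1.1.3", "172.16.1.5", 80)        # constructed: a host that never logged in
    out = {}
    out["blocked_before_login"] = acl.permits(web, now=0)      # False
    out["telnet_to_router"] = acl.permits(telnet, now=0)       # True
    out["login_ok"] = acl.authenticate("10.1.1.2", now=0)      # True, entry created at minute 0
    out["allowed_after_login"] = acl.permits(web, now=1)       # True
    out["other_host_still_blocked"] = acl.permits(other, now=1)  # False, entry is per host
    out["kept_alive_by_traffic"] = acl.permits(web, now=9)     # True, idle timer reset at 1
    out["still_within_absolute"] = acl.permits(web, now=14)    # True, 14 < 15 absolute
    out["absolute_timeout_hit"] = acl.permits(web, now=18)     # False, 18 >= 15 since creation
    # Idle timeout on a fresh session: log in at 0, send nothing until minute 11
    acl2 = LockAndKeyAcl()
    acl2.authenticate("10.1.1.2", now=0)
    out["idle_timeout_hit"] = acl2.permits(web, now=11)        # False, 11 >= 10 idle
    return out


if __name__ == "__main__":
    for step, decision in walkthrough().items():
        print(f"{step:28s} {'permit' if decision else 'deny'}")
```

Running the walkthrough shows the two things the configuration comments only state: the entry opens only for the host that authenticated, and traffic keeps the 10 minute idle timer alive but cannot push a session past the 15 minute absolute timeout.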