
Yusuf Bhaiji

"Network Security Technologies and Solutions"


1. Users who want to pass traffic through the lock-and-key router must initiate a Telnet session to the router and authenticate successfully with valid credentials; dynamic entries are populated accordingly.
2. Authentication is performed either by the local router or remotely, using TACACS+ or RADIUS. (Cisco recommends using a TACACS+ server.)
3. When the Telnet process completes, the router disconnects the Telnet connection, and a dynamic entry is populated in the extended ACL that was configured earlier. This dynamic entry permits traffic for a particular period.
4.
Follow the steps shown to configure lock-and-key access. Note that this example uses local router authentication.

Configure a local username for authentication:

    username test password test123

Under the vty lines, configure login local; this triggers the authentication process.

    line vty 0 4
     login local

To automatically invoke the access-enable command and set the timeout parameter, configure a username by using one of the following methods:

1. Configure the access-enable command and associate the timeout with the user, allowing control on a per-user basis.

    username test autocommand access-enable host timeout 10
2.
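An added example, not from the book: a small Python check that reads an IOS configuration and flags lock-and-key users whose autocommand access-enable line lacks the host keyword or an idle timeout, or whose account is defined with password rather than secret. The sample configuration, the second user and the finding names are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the book). User "test" follows
# the page's per-user form; user "ops" omits both "host" and "timeout".
SAMPLE_CONFIG = """\
username test password test123
username test autocommand access-enable host timeout 10
username ops secret 5 $1$CONSTRUCTED$placeholderhash
username ops autocommand access-enable
line vty 0 4
 login local
"""

AUTOCMD = re.compile(r"^username\s+(\S+)\s+autocommand\s+access-enable\b(.*)$")
PLAINPW = re.compile(r"^username\s+(\S+)\s+password\s+(?:0\s+)?\S+")


def audit_lock_and_key(config):
    """Return sorted (username, finding) pairs for lock-and-key users."""
    findings = set()
    lock_users = set()   # users whose login runs access-enable
    plain_users = set()  # users defined with "password" instead of "secret"
    for raw in config.splitlines():
        line = raw.strip()
        m = AUTOCMD.match(line)
        if m:
            user, args = m.group(1), m.group(2).split()
            lock_users.add(user)
            # Without "host" the dynamic entry is not limited to the
            # address that authenticated.
            if "host" not in args:
                findings.add((user, "no-host"))
            # Without "timeout" the entry has no idle timeout of its own.
            if "timeout" not in args:
                findings.add((user, "no-idle-timeout"))
            continue
        m = PLAINPW.match(line)
        if m:
            plain_users.add(m.group(1))
    for user in lock_users & plain_users:
        findings.add((user, "password-not-secret"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_lock_and_key(SAMPLE_CONFIG):
        print(f"{user}: {finding}")
```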

