Configure a global timeout value for all users who telnet in, so that they all have the same timeout.
line vty 0 4
login local
autocommand access-enable host timeout 10
Note
The value 10 in the previous example is the idle timeout for the ACL. The absolute timeout in the dynamic
ACL always supersedes this value.
Then configure an extended ACL that is applied when a user (any user) logs in to the router and the access-enable
command is invoked. The maximum absolute time for this "hole" in the filter is set to 15 minutes: 15
(minutes) is the absolute timeout, and 10 (minutes) is the idle timeout. After 15 minutes, the dynamic entry is
removed regardless of usage and whether anyone is still connected. Limit the networks to which the user needs
access by configuring the source or destination address and/or protocol/port details. The following example
allows the user to connect to the SMTP server 192.168.1.1 after a successful authentication.
access-list 102 dynamic myacl timeout 15 permit tcp any host 192.168.1.1 eq smtp
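To make the interplay between the two timers concrete, the following is an added Python model of a single dynamic entry's lifetime; it is not IOS code and not from this book, and the timer values and packet times it uses are constructed to match the 10-minute idle and 15-minute absolute timeouts above.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class DynamicEntry:
    """Model of one lock-and-key dynamic ACL entry (constructed, not IOS code).

    created_at:   minute at which access-enable created the entry
    idle_timeout: minutes of inactivity after which the entry is removed
                  (the 'timeout 10' on the autocommand line)
    abs_timeout:  absolute lifetime in minutes
                  (the 'timeout 15' on the access-list line)
    """
    created_at: float
    idle_timeout: float
    abs_timeout: float
    last_activity: float = field(init=False)

    def __post_init__(self) -> None:
        self.last_activity = self.created_at

    def expiry(self) -> float:
        # The entry is removed at whichever comes first: the idle deadline
        # measured from the last matching packet, or the absolute deadline
        # measured from creation. Traffic pushes the idle deadline out but
        # never the absolute one, which is why the absolute value supersedes.
        idle_deadline = self.last_activity + self.idle_timeout
        abs_deadline = self.created_at + self.abs_timeout
        return min(idle_deadline, abs_deadline)

    def touch(self, now: float) -> bool:
        """Record a matching packet at minute `now`; return False if the entry
        had already been removed and therefore could not be refreshed."""
        if now >= self.expiry():
            return False
        self.last_activity = now
        return True


def removal_time(activity: List[float], idle: float = 10.0,
                 absolute: float = 15.0, created: float = 0.0) -> float:
    """Replay a constructed list of packet times (minutes) through one entry
    and return the minute at which the router removes it."""
    entry = DynamicEntry(created, idle, absolute)
    for t in sorted(activity):
        if not entry.touch(t):
            break  # packets after removal no longer match the entry
    return entry.expiry()
```

With steady traffic every few minutes the entry still disappears at minute 15; with no traffic at all it disappears at minute 10.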
The ACL must also explicitly permit the host to telnet into the router, as shown in
the example that follows. The IP address used in that example is the Ethernet IP address of the router to which the
user telnets to authenticate and open the dynamic hole.