Snippet from http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_lock_key_secrty_ps6441_TSD_Products_Configuration_Guide_Chapter.html
Either define an idle timeout now with the *timeout* keyword in the * access-enable* command in the *autocommand* command, or define an absolute timeout value later with the *access-list* command. You must define either an idle timeout or an absolute timeout—otherwise, the temporary access list entry will remain configured indefinitely on the interface (even after the user has terminated their session) until the entry is removed manually by an administrator. (You could configure both idle and absolute timeouts if you wish.) router5(config)#access-list 123 dynamic king ? deny Specify packets to reject permit Specify packets to forward timeout Maximum time for dynamic ACL to live With regards Kings On Tue, Sep 14, 2010 at 1:38 PM, Vybhav Ramachandran <[email protected]>wrote: > Hello All, > > In this Dynamic ACL task , one of the requirements state that we need to > configure the Dynamic entries to have an absolute timeout of 30 mins , but > not configure this on the ACL. > > The solution configures this in the "access-enable" command. > > This timeout which is configured in the access-enable is not the absolute > timeout. It's the idle timeout. I also tested this. So my question is, is > there any other way to configure the "absolute" timeout for the dynamic > entries other than in the ACL? > > Cheers, > TacACK > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
