
Showing posts from July, 2011

dynamic access-list - the small trick

A short note about dynamic ACLs: if you are going to use a dynamic ACL to allow some kind of access to a service or server with an absolute timer, it is very important to remember that you need to enable the "absolute timer" extension of the ACLs:

    R1(config)#access-list dynamic-extend

The other thing you have to remember is to add the autocommand suboption. If you cannot remember which options come after it, they are available in exec mode:

    R1(config)#username ENABLE autocommand ?
      LINE  Command to be automatically issued after the user logs in

    R1#access-enable ?
      host     Enable a specific host only
      timeout  Maximum idle time to expire this entry

Example ACL with a dynamic statement:

    ip access-list extended DYN
     permit tcp any any eq telnet
     permit tcp any any eq 7001
     permit udp any any eq rip
     dynamic ACCESS timeout 15 permit tcp any any eq www
     deny ip any any
     deny ip any any log

vty configuration:

    R1(config-line)#autocommand access-enable timeout 5

One very
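
The following is an added example, not part of the original post: a small Python audit that reads an IOS configuration and flags dynamic ACL entries without an absolute timer, and access-enable autocommands without the host keyword or without an idle timer below the absolute one. The sample configuration is constructed from the lines shown above, and the function name and finding labels are hypothetical.

```python
import re

# Constructed sample built from the ACL and vty lines quoted in the post.
SAMPLE = """\
ip access-list extended DYN
 permit tcp any any eq telnet
 dynamic ACCESS timeout 15 permit tcp any any eq www
 deny ip any any log
line vty 0 4
 login local
 autocommand access-enable timeout 5
"""

# Named and numbered forms of a dynamic entry; group 2 is the absolute timer (minutes).
DYN_RE = re.compile(r"^\s*(?:access-list \d+ )?dynamic (\S+)(?: timeout (\d+))? (?:permit|deny)\b")
# access-enable issued from a vty line or from a per-user autocommand.
AE_RE = re.compile(r"^\s*(?:username \S+ )?autocommand access-enable\b(.*)$")

def audit(config):
    """Return sorted (line_number, finding) pairs for weak lock-and-key settings."""
    findings, absolutes, idles = [], [], []
    for n, line in enumerate(config.splitlines(), 1):
        dyn = DYN_RE.match(line)
        if dyn:
            if dyn.group(2) is None:
                findings.append((n, "no-absolute-timeout"))  # entry lives until removed
            else:
                absolutes.append(int(dyn.group(2)))
        ae = AE_RE.match(line)
        if ae:
            opts = ae.group(1)
            # Without 'host' the temporary entry keeps the template's source
            # (here 'any') instead of only the host that authenticated.
            if not re.search(r"\bhost\b", opts):
                findings.append((n, "no-host"))
            idle = re.search(r"\btimeout (\d+)", opts)
            if idle is None:
                findings.append((n, "no-idle-timeout"))
            else:
                idles.append((n, int(idle.group(1))))
    # The idle timer (access-enable) should be shorter than the absolute timer.
    for n, idle in idles:
        if absolutes and idle >= min(absolutes):
            findings.append((n, "idle-not-below-absolute"))
    return sorted(findings)

if __name__ == "__main__":
    for n, finding in audit(SAMPLE):
        print(f"line {n}: {finding}")
```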