
dynamic access-list - the small trick

short note about the dynamic ACLs:

If you are going to use a dynamic ACL to allow some kind of access to a service/server with an absolute timer, it's very important to remember that you need to enable the "absolute timer" extension for the ACLs:


R1(config)#access-list dynamic-extend


The other thing you have to remember is the autocommand sub-option; if you cannot remember which options come after it, they are available in exec mode:



R1(config)#username ENABLE autocommand ?
LINE Command to be automatically issued after the user logs in



R1#access-enable ?
host Enable a specific host only
timeout Maximum idle time to expire this entry


example acl with dynamic statement
ip access-list extended DYN
permit tcp any any eq telnet
permit tcp any any eq 7001
permit udp any any eq rip
dynamic ACCESS timeout 15 permit tcp any any eq www
deny ip any any
deny ip any any log


vty configuration

R1(config-line)#autocommand access-enable timeout 5



One very important note from the INE technology workbook is to be careful with AAA authorization when you are using a dynamic ACL: you must use local exec authorization with none or if-authenticated.
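
A small audit of a lock-and-key configuration for the points raised in this note, as an added example (not from the original post or the INE workbook): it checks that the dynamic entry has an absolute timeout, that `access-list dynamic-extend` is present, and that `access-enable` carries `host` and an idle timeout below the absolute one. The function name, the finding codes and the `line vty 0 4` placement in the sample config are assumptions made for the example.

```python
import re

# Constructed sample built from the note's fragments; "line vty 0 4" is an assumption.
SAMPLE = """\
ip access-list extended DYN
 permit tcp any any eq telnet
 dynamic ACCESS timeout 15 permit tcp any any eq www
 deny ip any any log
line vty 0 4
 autocommand access-enable timeout 5
"""

DYNAMIC = re.compile(r"\bdynamic\s+(\S+)(?:\s+timeout\s+(\d+))?\s+(?:permit|deny)\b")
ENABLE = re.compile(r"\bautocommand\s+access-enable\b(.*)")
IDLE = re.compile(r"\btimeout\s+(\d+)")

def audit_lock_and_key(config):
    """Return sorted finding codes (hypothetical names) for a lock-and-key config."""
    findings, absolute, idle = set(), [], []
    dynamic_seen = enable_seen = False
    for line in config.splitlines():
        m = DYNAMIC.search(line)
        if m:
            dynamic_seen = True
            if m.group(2):
                absolute.append(int(m.group(2)))   # absolute timeout, minutes
            else:
                findings.add("dynamic-no-absolute-timeout")
        m = ENABLE.search(line)
        if m:
            enable_seen = True
            # Without "host" the entry opens for every source the template allows.
            if not re.search(r"\bhost\b", m.group(1)):
                findings.add("access-enable-without-host")
            t = IDLE.search(m.group(1))
            if t:
                idle.append(int(t.group(1)))       # idle timeout, minutes
            else:
                findings.add("access-enable-no-idle-timeout")
    # The idle timer should expire before the absolute one.
    if idle and absolute and max(idle) >= min(absolute):
        findings.add("idle-not-below-absolute")
    if dynamic_seen and not enable_seen:
        findings.add("dynamic-entry-never-enabled")
    if dynamic_seen and not re.search(r"^\s*access-list dynamic-extend\s*$", config, re.M):
        findings.add("dynamic-extend-missing")     # the extension the note calls for
    return sorted(findings)

if __name__ == "__main__":
    print(audit_lock_and_key(SAMPLE))
```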
