Dynamic acl learning notes

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Dynamic ACL (lock-and-key):

R2(config)# username ccna password cisco // local account that the user authenticates with over telnet

R2(config)# access-list 120 permit tcp 172.16.3.0 0.0.0.255 host 2.2.2.2 eq telnet // permit telnet to the router so the user can authenticate; without this the implicit deny at the end of the list blocks the very session that is supposed to open the dynamic entry

R2(config)# access-list 120 permit tcp 172.16.3.0 0.0.0.255 host 192.168.12.2 eq telnet

R2(config)# access-list 120 permit tcp 172.16.3.0 0.0.0.255 host 192.168.23.2 eq telnet

R2(config)# access-list 120 permit eigrp any any // permit EIGRP, otherwise the list drops the routing protocol's traffic

R2(config)# access-list 120 dynamic test timeout 120 permit ip 172.16.3.0 0.0.0.255 host 2.2.2.2

// "dynamic test" names the dynamic entry and "timeout 120" is its absolute timeout, which IOS counts in minutes, not seconds: a temporary entry created from it is removed 120 minutes after creation no matter how busy it is. Until a user authenticates, this entry matches nothing.

R2(config)# access-list 120 dynamic test1 timeout 120 permit ip 172.16.3.0 0.0.0.255 host 192.168.12.2

R2(config)# access-list 120 dynamic test2 timeout 120 permit ip 172.16.3.0 0.0.0.255 host 192.168.23.2

// Caveat: Cisco documents that the software only refers to the first dynamic entry defined in an access list, so test1 and test2 above are ignored. To open several destinations after one login, use a single dynamic entry with a wider destination rather than several dynamic entries.

R2(config)# interface s0bin1 // the interface name is garbled here; the list is applied inbound on the interface facing the 172.16.3.0/24 users

R2(config-if)# ip access-group 120 in

R2(config)# line vty 0 4

R2(config-line)# login local // the vty lines authenticate against the local username database

R2(config-line)# autocommand access-enable host timeout 5

// After a successful login the autocommand inserts a temporary entry into the dynamic ACL (the dynamic entry with its source replaced by the address of the host that logged in; without the "host" keyword the whole source network would be opened) and then closes the telnet session. "timeout 5" is the idle timeout in minutes: the temporary entry is removed after 5 minutes without matching traffic. The idle timeout must be less than the absolute timeout on the dynamic entry.

R2(config)# username ccna autocommand access-enable host timeout 3

// The same autocommand can be attached to a user instead of the line; this gives user ccna an idle timeout of 3 minutes, so different users can be given different timeouts.

Once the autocommand is on every vty line, an administrator can no longer get an interactive session over telnet: every login runs access-enable and is disconnected. A separate vty line is therefore reserved for logging in to the router itself:

R2(config)# line vty 0 3

R2(config-line)# password cisco

R2(config-line)# login local

R2(config)# line vty 4

R2(config-line)# password ccna

R2(config-line)# login

R2(config-line)# rotary 1

// vty 0 3, that is, lines 0 through 3, use the local account for the telnet-based dynamic authentication (with "login local" the line password is not used).

// vty 4 is the line used to log in to the router. Because it is in rotary group 1 it listens on TCP port 3001 instead of 23, and "login" with "password ccna" means the line password is checked. This split lets telnet serve both for dynamic authentication and for managing the device.

// Note: access-list 120 only permits TCP port 23 to the router's addresses. If the management session also arrives through the interface where the list is applied inbound, the list must additionally permit TCP port 3001 to the router, otherwise the implicit deny drops it.

// Note: the list ends in an implicit deny, so if a dynamic routing protocol runs across the interface its traffic must be permitted explicitly, as the eigrp entry above does; otherwise the adjacency drops as soon as the list is applied.

// Note: lock-and-key as configured here authenticates over Telnet, which carries the username and password in clear text; anyone who can sniff the path to the router can capture them and open the same dynamic entry.
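To make the lifecycle of a temporary entry concrete, here is an added example: a small Python model of lock-and-key evaluation written for these notes (hypothetical code, not Cisco's implementation). It parses the entries of access-list 120 that matter for host 2.2.2.2 (wildcard masks written out in full), models what "access-enable host timeout 5" does after a vty login, and replays the scenario with constructed hosts 172.16.3.5 and 172.16.3.6 and time expressed in minutes: before authentication only telnet passes; afterwards the authenticated host, and only that host, reaches 2.2.2.2; the entry disappears after 5 idle minutes or 120 minutes in total; and a telnet to the rotary port 3001 is dropped because nothing in the list permits it. The placement of temporary entries at the dynamic entry's position and the first-dynamic-entry-only rule follow the IOS behaviour described above.

```python
"""Hypothetical model of Cisco IOS lock-and-key (dynamic ACL) evaluation written for these notes,
not Cisco code: static entries, one dynamic template, temporary entries opened by
"access-enable host", idle and absolute timeouts in minutes, and the implicit deny."""
from dataclasses import dataclass
import ipaddress

@dataclass
class Ace:
    action: str                   # permit | deny
    proto: str                    # ip, tcp, eigrp, ...
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: "int | None" = None    # from "eq PORT"
    dynamic: "str | None" = None  # dynamic entry name
    timeout: "int | None" = None  # absolute timeout in minutes (dynamic entries only)

@dataclass
class TempEntry:                  # what access-enable inserts into the list after a login
    ace: Ace                      # the template with its source replaced by the host /32
    created: float                # minutes
    last_hit: float
    idle: int                     # idle timeout in minutes

def parse_addr(t, i):
    """'any' | 'host A' | 'A WILDCARD' at t[i] -> (network, next index); a wildcard is an inverted mask."""
    if t[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.IPv4Network(t[i + 1] + "/32"), i + 2
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(t[i + 1])))
    return ipaddress.IPv4Network((t[i], str(mask)), strict=False), i + 2

def parse_ace(line):
    """'access-list N [dynamic NAME [timeout MIN]] permit|deny PROTO SRC DST [eq PORT]'."""
    t, i, dynamic, timeout = line.split(), 2, None, None
    if t[i] == "dynamic":
        dynamic, i = t[i + 1], i + 2
        if t[i] == "timeout":
            timeout, i = int(t[i + 1]), i + 2
    action, proto, i = t[i], t[i + 1], i + 2
    src, i = parse_addr(t, i)
    dst, i = parse_addr(t, i)
    dport = ({"telnet": 23}.get(t[i + 1]) or int(t[i + 1])) if i < len(t) and t[i] == "eq" else None
    return Ace(action, proto, src, dst, dport, dynamic, timeout)

def matches(ace, proto, src, dst, dport):
    return ((ace.proto == "ip" or ace.proto == proto)          # "ip" covers every protocol
            and ipaddress.IPv4Address(src) in ace.src and ipaddress.IPv4Address(dst) in ace.dst
            and (ace.dport is None or ace.dport == dport))     # no "eq" means any port

class LockAndKeyAcl:
    def __init__(self, lines):
        self.aces = [parse_ace(line) for line in lines]
        self.template = next((a for a in self.aces if a.dynamic), None)  # IOS honours only the first dynamic entry
        self.temp = []

    def access_enable(self, host, now, idle):
        """What 'autocommand access-enable host timeout IDLE' does after a successful vty login."""
        if self.template is None or idle >= self.template.timeout:
            raise ValueError("need a dynamic entry whose absolute timeout exceeds the idle timeout")
        t = self.template
        self.temp.append(TempEntry(Ace(t.action, t.proto, ipaddress.IPv4Network(host + "/32"),
                                       t.dst, t.dport), now, now, idle))

    def permits(self, now, proto, src, dst, dport=None):
        """Top-down evaluation; temporary entries sit at the first dynamic entry's position."""
        self.temp = [e for e in self.temp                       # idle and absolute expiry
                     if now - e.last_hit < e.idle and now - e.created < self.template.timeout]
        for ace in self.aces:
            if ace.dynamic:                   # the template itself never matches traffic
                for e in (self.temp if ace is self.template else []):
                    if matches(e.ace, proto, src, dst, dport):
                        e.last_hit = now
                        return True
            elif matches(ace, proto, src, dst, dport):
                return ace.action == "permit"
        return False                          # implicit deny at the end of every ACL

ACL_120 = [  # entries of access-list 120 from the notes that matter for host 2.2.2.2
    "access-list 120 permit tcp 172.16.3.0 0.0.0.255 host 2.2.2.2 eq telnet",
    "access-list 120 permit eigrp any any",
    "access-list 120 dynamic test timeout 120 permit ip 172.16.3.0 0.0.0.255 host 2.2.2.2",
]

def walk_through():
    """Replay the notes' scenario with constructed hosts; returns each decision by name."""
    acl, user, peer, out = LockAndKeyAcl(ACL_120), "172.16.3.5", "2.2.2.2", {}
    out["telnet_before_auth"] = acl.permits(0, "tcp", user, peer, 23)
    out["http_before_auth"] = acl.permits(0, "tcp", user, peer, 80)
    out["rotary_3001"] = acl.permits(0, "tcp", user, peer, 3001)    # no entry permits port 3001
    acl.access_enable(user, now=0, idle=5)                            # the login ran the autocommand
    out["http_after_auth"] = acl.permits(1, "tcp", user, peer, 80)
    out["other_host_after_auth"] = acl.permits(1, "tcp", "172.16.3.6", peer, 80)
    out["after_idle"] = acl.permits(7, "tcp", user, peer, 80)        # 6 idle minutes >= 5
    acl.access_enable(user, now=10, idle=5)
    for t in range(14, 127, 4): acl.permits(t, "tcp", user, peer, 80)  # keep the entry busy
    out["before_absolute"] = acl.permits(128, "tcp", user, peer, 80)  # 118 of 120 minutes
    out["at_absolute"] = acl.permits(130, "tcp", user, peer, 80)      # 120 minutes: removed
    return out
```

Running walk_through() gives permit for telnet_before_auth, http_after_auth and before_absolute and deny for everything else; the rotary_3001 result is the management-port caveat in miniature, and other_host_after_auth shows why the "host" keyword on access-enable matters.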
