Dynamic ACL Configuration Examples
In the topology diagram below, the user at PC1 is an administrator that requires a back door access to the 192.168.3.0 /24 network located on router R3.
A dynamic ACL has been configured to allow FTP and HTTP on router R3 access but only for a limited time. To facilitate this requirement a dynamic ACL is configured on the serial interface S0/0/1 on router R3.
Step–by-Step configuration example:
Step 1. Create login name and password for authentication
R3#config t
R3(config)#username Faculty password 0 cisco
Step 2. Allow the user to open a telnet connection to the router. The window configured to open for 15 minutes and then automatically closes whether it’s being used or not.
R3(config)#access-list 101 permit tcp any host 172.17.100.2 eq telnet
R3(config)#access-list 101 dynamic testlist timeout 15 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
Step 3. Apply ACL on interface serial0/0/1
R3(config)#interface serial0/0/1
R3(config-if)#ip access-group 101 in
Step 4. Once the user is authenticated using telnet, the autocommand becomes effective and the telnet session terminates. The user can now access network 192.168.3.0. The window closes after 5 minutes of inactivity
R3(config)#line vty 0 4
R3(config-line)#login local
R3(config-line)#autocommand access-enable host timeout 5
R3(config)#end
