Home Security Security Configuration How to configure conditional ACL is called Lock & Key

This is a sample configuration for conditional ACL is often called Lock & Key. By the authenticating, router will allow traffic for certain time.

Host IP =
Cisco-router = Fa0/0:
Server IP =

1. Create Account

Cisco-router(config)# username ACCESS password cisconet


2. Create ACL

Cisco-router(config)# access-list 101 permit tcp any host eq telnet
Cisco-router(config)# access-list 101 dynamic ACCESS timeout 2 permit ip any any

* Timeout in minute.
** dynamic ACL name ; ACCESS

3. Apply ACL

Cisco-router(config)# interface fa0/0
Cisco-router(config-if)# ip access-group 101 in


4. Configure vty

Cisco-router(config)# line vty 0 4
Cisco-router(config-line)# login local
Cisco-router(config-line)# autocommand access-enable host timeout 1

* timeout in minute

5. Verifying

From host/, telnet into to get authentication. After authenticating, router will allow traffic for host

Cisco-router#sh ip access-lists 101
Extended IP access list 101
    10 permit tcp any host eq telnet (75 matches)
    20 Dynamic telnet permit ip any any
       permit ip host any (49 matches) (time left 54)

Last Updated (Friday, 02 April 2010 19:34)

Smart Link
Content View Hits : 2252548
Highly recommended firewall vendor?
Google Translation
English Arabic Chinese (Simplified) Czech Dutch French German Italian Korean Portuguese Russian Spanish Filipino Vietnamese Thai Turkish
BGP routing issue?
World Route Servers
Who's Online
We have 16 guests online