Command:

dynamic


Mode:

Router(config-ext-nacl)#


Syntax:

 

dynamic dynamic-name [timeout minutes] {deny | permit} protocol source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [precedence precedence] [tos tos] [log]

no dynamic dynamic-name [timeout minutes] {deny | permit} protocol source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [precedence precedence] [tos tos] [log]


Syntax Description:

 

timeout

Specifies the absolute length of time (in minutes) that a temporary access list entry can remain in a dynamic access list. The default is an infinite length of time and allows an entry to remain permanently.

precedence

Packets can be filtered by precedence level, as specified by a number from 0 to 7 or by name. The IP precedence is the three leftmost bits in the TOS octet of an IP header (as defined in RFCs 1349, 1812, 2474 & 2873). This may be set using the route map or policy map command set ip precedence.

tos

Packets can be filtered by type of service level, as specified by a number from 0 to 15 or by name. The TOS field is bits 3-6 in the TOS octet of the IPv4 header [RFC 1349].

log

(Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)

 

Command Description:

 

To define a named dynamic IP access list, use the dynamic access-list configuration command. To remove the access list, use the no form of this command. Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255. Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.


Example:

The following example defines a named access list with a dynamic access list entry. The first line allows any host to telnet to the router (IP address 172.18.21.2). The second line enables a dynamic list entry called testlist. This entry will allow any IP traffic from the host that telnetted into the router. It also specifies that the temporary access will end after 120 seconds of no activity.

Router(config-ext-nacl)#permit tcp any host 172.18.21.2 eq telnet
Router(config-ext-nacl)#dynamic testlist timeout 120 permit ip any any
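
The two lines above only take effect once the list is applied to an interface and a vty line runs access-enable after login. A fuller lock-and-key configuration follows as an added example that is not part of the original Cisco page. The list name LOCKKEY-IN, the interface, the user name, the placeholder secret and the idle timeout of 5 are assumptions.

```cisco
! Added example. LOCKKEY-IN, FastEthernet0/0, labuser and the placeholder
! secret are assumptions, not values from the original page.
username labuser secret <placeholder-secret>
!
ip access-list extended LOCKKEY-IN
 ! Static entry: lets users reach the router to authenticate.
 permit tcp any host 172.18.21.2 eq telnet
 ! Dynamic template: timeout is the absolute lifetime, in minutes, of each
 ! temporary entry (see Syntax Description).
 dynamic testlist timeout 120 permit ip any any
 ! No other permits: unauthenticated traffic falls to the implicit deny.
!
interface FastEthernet0/0
 ip access-group LOCKKEY-IN in
!
line vty 0 4
 login local
 ! host: the temporary entry uses the authenticated user's address as its
 !       source instead of the template's "any".
 ! timeout 5: idle timeout, in minutes, for the temporary entry.
 autocommand access-enable host timeout 5
```

Without the host keyword on access-enable, a single successful login creates a temporary entry with the template's source of any. show access-lists LOCKKEY-IN lists the temporary entries while they are active.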


Misconceptions:

 

None


Related Commands:

 

ip access-list extended

 

access-list

 


© Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education
