Cisco CCNA (640-553) Security Exam Training - Using the Access-enable Command

In today's article, I'm going to quickly inform you about the Cisco IOS Privilege EXEC mode command named "access-enable". CCNA's (like you) use the "access-enable" command to enable (allow) the router to create a temporary access list entry, within a dynamic access list. In other words, you can use this command to enable (turn-on) the lock-and-key access feature. Below is the command's syntax: access-enable [host] [timeout minutes] As you can see, you can use the "host" (optional) keyword and the "timeout" (optional) keyword. host - This (optional) keyword tells the software to enable access only for the host from which the Telnet session originated. If not specified, the software allows all hosts on the defined network to gain access. The dynamic access list contains the network mask to use for enabling the new network. timeout minutes - And this (optional) keyword with the minutes argument; is used to indicate an idle timeout for the temporary access list entry. Meaning, if the access list entry is not accessed within this period (a specific time period), it will be automatically deleted and will require the user to attempt authentication again. By default, the entries remain permanent. Cisco recommends that this value equal the idle timeout set for the WAN connection. Note: You can use the "autocommand" command with the access-enable command like you see below: Router#autocommand access-enable host timeout 3 In the example above, the router is being told to execute the access-enable command (automatically) when ever a user opens a Telnet session into the router. google_ad_client = "pub-2311940475806896"; /* 300x250, created 1/6/11 */ google_ad_slot = "0098904308"; google_ad_width = 300; google_ad_height = 250; And, the router's IOS (software) is going to create a temporary access list entry and enable access only for the host from which the Telnet session originated. If the access list entry is not accessed within 3 minutes, it will be deleted. By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 11.1 or higher. I hope this article was very informative and helped you quickly understand the usage of the access-enable command. To your success,

access point vs router