Dynamic

To define a named, dynamic, IP access list, use the dynamic access-list configuration command. To remove the access lists, use the no form of this command.

dynamic dynamic-name [timeout minutes] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [fragments]

no dynamic dynamic-name ICMP

dynamic dynamic-name [timeout minutes] {deny | permit} icmp source source-wildcard destination destination-wildcard [icmp-type [icmp-code] | icmp-message] [precedence precedence] [tos tos] [log] [fragments]

IGMP

dynamic dynamic-name [timeout minutes] {deny | permit} igmp source source-wildcard destination destination-wildcard [igmp-type] [precedence precedence] [tos tos] [log] [fragments]

dynamic dynamic-name [timeout minutes] {deny | permit} tcp source source-wildcard [operator port [port]] destination destination-wildcard [operatorport [port]] [established] [precedence precedence] [tos tos] [log] [fragments]

dynamic dynamic-name [timeout minutes] {deny | permit} udp source source-wildcard [operator port [port]] destination destination-wildcard [operatorport [port]] [precedence precedence] [tos tos] [log] [fragments]

Caution Named IP access lists will not be recognized by any software release prior to Cisco IOS Release 11.2.

Syntax Description dynamic-name Identifies this access list as a dynamic access list. Refer to lock-and-key access documented in the "Configuring Lock-and-Key Security (Dynamic Access Lists)" chapter in the Security Configuration Guide.

timeout minutes (Optional) Specifies the absolute length of time (in minutes) that a temporary access list entry can remain in a dynamic access list. The default is an infinite length of time and allows an entry to remain permanently. Refer to lock-and-key access documented in the "Configuring Lock-and-Key Security (Dynamic Access Lists)" chapter in the Security Configuration Guide.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

protocol Name or number of an IP protocol. It can be one of the keywords

Was this article helpful?

0 0

Post a comment