CCNA: Access Lists & Spanning Tree Protocol

Unanswered Question
Nov 3rd, 2008

1. What's a LOCK & KEY (DYNAMIC ACL); how does it work?

2. Does the IP ACCESS-GROUP "NAME" just name an access list?

3. How do TIME-BASED ACLs really work?

4. I cannot understand how PVSTP, PVRSTP & MSTP really work?

5. Is the time it takes to go from Listening to Learning 15 secs (Forward delay), or is that how long the learning state takes? Or is that how long it takes to get there from BLOCKING?

carl_townshend Mon, 11/03/2008 - 09:02

Hi There

Lock and key ACLs are basically used on remote access VPNs, so you would have a firewall running AAA; the firewall would talk to a Cisco ACS authentication server, which would have a mapping from, say, a Windows AD account to a group, and the group would have an access list applied to it. So depending on who you log in as, you would get assigned a different ACL.

2. The ip access-group name command would apply a named access list to one of your interfaces.

3. Time-based ACLs basically activate an access list at a certain time; anything else would get dropped if not configured. Use the time-range command after the ACL.

4. Someone else may need to answer this; I would explain it a little too long-winded, and someone else may know a quicker way.

5. I believe the forward delay is the listening and learning total time, which would be 15 secs each, so 30 secs total. Someone correct me if I'm wrong.

HTH

Carl
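Points 2 and 3 of the reply above, shown as one IOS configuration. This is an added example, not part of the original post; the names WORK-HOURS and WEB-WORK-HOURS, the interface, and the 192.0.2.0/24 documentation prefix are assumptions chosen for illustration.

```cisco
! Added example: time-range and ACL names, interface and addresses are hypothetical.
!
! 1. Define when the entry is allowed to match.
!    The range is evaluated against the router's own clock, so the clock
!    (ideally NTP-synchronised) must be correct for the ACL to behave as intended.
time-range WORK-HOURS
 periodic weekdays 8:00 to 17:00
!
! 2. Define a named extended ACL. "ip access-list" creates and names the list;
!    it filters nothing until it is applied to an interface.
ip access-list extended WEB-WORK-HOURS
 ! Active only inside WORK-HOURS; outside the range this entry is skipped.
 permit tcp 192.0.2.0 0.0.0.255 any eq 80 time-range WORK-HOURS
 ! Explicit form of the implicit deny, with logging so drops are visible.
 deny ip any any log
!
! 3. Apply the named ACL. "ip access-group" does not name a list; it binds
!    an existing list to an interface in one direction.
interface GigabitEthernet0/0
 ip access-group WEB-WORK-HOURS in
```

`show time-range` and `show access-lists` report whether the time-bound entry is currently active or inactive, which is the quickest check that the clock and the range agree.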
