Cisco Support Community

New Member

CCNA: Access Lists & Spanning Tree Protocol

1. What's a LOCK & KEY (DYNAMIC ACL); how does it work?

2. Does the IP ACCESS-GROUP "NAME" just name an access list?

3. How do TIME-BASED ACLs really work?

4. I cannot understand how PVSTP, PVRSTP & MSTP really work?

5. Is the time it takes to go from Listening to Learning 15 secs (Forward delay), or is that how long the learning state takes? Or is that how long it takes to get there from BLOCKING?

New Member

Re: CCNA: Access Lists & Spanning Tree Protocol

Hi There

Lock and key ACLs are basically used on remote access VPNs, so you would have a firewall running AAA; the firewall would talk to a Cisco ACS authentication server, which would have a mapping from, say, a Windows AD account to a group, and the group would have an access list applied to it. So depending on who you log in as, you would get assigned a different ACL.

2. The ip access-group name command would apply a named access list to one of your interfaces.

3. Time-based ACLs basically activate an access list at a certain time; anything else would get dropped if not configured. Use the time-range command after the ACL.

4. Someone else may need to answer this; I would explain it a little too long-winded, someone else may know a quicker way.

5. I believe the forward delay is the listening and learning total time, which would be 15 secs each, so 30 secs total. Someone correct me if I'm wrong.
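
An added example, not part of the reply above: a Cisco IOS configuration showing a named ACL with one time-based entry bound to an interface, covering questions 2 and 3. The names WORK-HOURS and LAN-OUT, the 192.168.10.0/24 subnet and the interface are constructed placeholders.

```cisco
! Constructed example: names, addresses and interface are placeholders.
! 1. Define when the entry is active (evaluated against the router clock).
time-range WORK-HOURS
 periodic weekdays 8:00 to 17:00
!
! 2. Named extended ACL; only the first entry is tied to the time range.
ip access-list extended LAN-OUT
 permit tcp 192.168.10.0 0.0.0.255 any eq 443 time-range WORK-HOURS
 permit udp 192.168.10.0 0.0.0.255 any eq 53
 deny ip any any log
!
! 3. ip access-group binds the existing named ACL to an interface
!    and a direction; the list itself is defined above.
interface GigabitEthernet0/1
 ip access-group LAN-OUT in
!
! Verification (exec mode):
!   show clock
!   show time-range
!   show access-lists LAN-OUT
```

Outside the configured window the time-ranged entry is shown as inactive and skipped, so HTTPS traffic from the subnet falls through to the final deny and is logged. Because the window is judged by the router's own clock, keep that clock synchronized (for example with NTP) or the rule will open and close at the wrong times.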