Cisco Support Community
Community Member

Lock & Key (Dynamic ACL)

How do I setup a Dynamic ACL, yet still allow ssh/telnet access to the router ?

Tried L&K on line vty 0 via ssh, and it works fine... I provide my username and password, then it drops the connection and starts the dynamic acl. The problem is I want to be able to ssh into the router normally to configure it.... but since L&K controls vty 0, I can't get in !?

Thanks !


Re: Lock & Key (Dynamic ACL)


The concept of dynamic ACLs itself to authenticate through Telnet session to create Temporary ACL entries and IMMEDIATELY terminates the session. So the behavior which you experienced is by it's design.

One option which I can think of is to serve your purpose is...

Each VTY port also have specific port number (just like TTY ports connected to Cisco AS2511-RJ router to have OOB access) and you can configure dynamic ACLs for some VTY ports (say, VTY 0 to 3) and plain configuration for any of remaining ports (say VTY 4). So that, you can login indefinitely by telnetting into VTY 4 with that particular port number which varies from model to model.

But this also have a disadvantage that dynamic ACLs won't be effective if you have connected into this Telnet session by default in future.

Thank you,



With best regards... Ashok ----------- Pls kindly rate if helpful or answered your question.
CreatePlease to create content