TechTutorials - Free Computer Tutorials  

Cisco CCNA Security Training: Using the "access-enable" command Hot Popular

Added: 08/10/2009, Hits: 8,166, Rating: 4, Comments: 1, Votes: 1
Add To Favorites | Comment on this article
In today’s article, I’m going to quickly inform you about the Cisco IOS Privilege EXEC mode command named “access-enable”.

CCNA’s (like you) use the “access-enable” command to enable (allow) the router to create a temporary access list entry, within a dynamic access list.

In other words, you can use this command to enable (turn-on) the lock-and-key access feature.

Below is the command’s syntax:

access-enable [host] [timeout minutes]

As you can see, you can use the “host” (optional) keyword and the “timeout” (optional) keyword.

host – This (optional) keyword tells the software to enable access only for the host from which the Telnet session originated. If not specified, the software allows all hosts on the defined network to gain access. The dynamic access list contains the network mask to use for enabling the new network.

timeout minutes – And this (optional) keyword with the minutes argument; is used to indicate an idle timeout for the temporary access list entry. Meaning, if the access list entry is not accessed within this period (a specific time period), it will be automatically deleted and will require the user to attempt authentication again. By default, the entries remain permanent. Cisco recommends that this value equal the idle timeout set for the WAN connection.

Note: You can use the “autocommand” command with the access-enable command like you see below:

Router#autocommand access-enable host timeout 3

In the example above, the router is being told to execute the access-enable command (automatically) when ever a user opens a Telnet session into the router. And, the router’s IOS (software) is going to create a temporary access list entry and enable access only for the host from which the Telnet session originated. If the access list entry is not accessed within 3 minutes, it will be deleted.

By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 11.1 or higher.

I hope this article was very informative and helped you quickly understand the usage of the access-enable command. If you need to learn more; I suggest you visit my website, ( were you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross
CCNA- CCNP #CSCO10444244

Comments (1)

Review By: rental mobil [04/21/2010]
Review Text: wow, Love it!!! thanks

Items Per Page:

Related Items

7 Seconds Resources, Inc.

IT Showcase