07-18-2014 06:55 AM - edited 03-11-2019 09:29 PM
Is there a way to configure an ACL to automatically expire and delete itself after a set amount of time of not being hit? For example:
Say I configure a specific rule permitting a specific user using a static IP address to traverse Network A and hit an application on Server X located on Network B. Six months later I forget about said user and he or she moves to another department and no longer needs access with that IP address to that server. Is there a way to configure that rule to automatically drop off if the hit count remains at 0 for longer than X amount of days?
Thanks!
07-20-2014 07:10 AM
You can have a time-based access-list if you want to have the access-list or rule created for a certain period... But I am not sure if we have an option to get automatic deletion of the unused ACL on its own... and I do not think we have that option.
Regards
Karthik
07-20-2014 09:06 AM
There is no such dynamic option for deleting an ACL for not being hit by packets for a specific source/destination for a specified period of time.
The only option you have is to use a time-based ACL and set the time that you want for that source/destination traffic. Time-based ACLs are as flexible as water. You can set them to use recurring time or absolute time, which is your case.
Firewall(config)# time-range Temp_Worker
Firewall(config-time-range)# absolute [start hh:mm day month year] [end hh:mm day month year]
Hope this helps.
AM
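As an added illustration of the time-range approach described in the answer above (not part of the original post), here is a complete ASA-style configuration that binds an absolute time-range to a single ACE, followed by the show commands an operator can use to audit hit counts. The interface name, ACL name, hosts, port and dates are all constructed for the example.

```cisco
! --- Added example; names, addresses and dates are constructed placeholders ---
! Time window for the temporary worker: six months from the day access is granted.
! Once the "end" timestamp passes, the ACE below becomes inactive on its own,
! although it still appears in the running-config until an admin removes it.
time-range Temp_Worker
 absolute start 08:00 18 July 2014 end 23:59 18 January 2015

! Only this one ACE is tied to the time-range; the rest of the ACL is unaffected.
! Scope it tightly: one source host, one destination host, one service.
access-list OUTSIDE_IN extended permit tcp host 10.1.1.50 host 10.2.2.10 eq 443 time-range Temp_Worker
access-list OUTSIDE_IN extended deny ip any any log

access-group OUTSIDE_IN in interface outside

! --- Periodic review (the part the OP wanted automated) ---
! Shows the ACE with its hitcnt; an entry that stays at hitcnt=0 across reviews
! is a candidate for manual removal even before the time-range expires.
! show access-list OUTSIDE_IN
! Shows whether each time-range is currently active or inactive.
! show time-range Temp_Worker
! Removing the stale rule and its time-range once it is no longer needed:
! no access-list OUTSIDE_IN extended permit tcp host 10.1.1.50 host 10.2.2.10 eq 443 time-range Temp_Worker
! no time-range Temp_Worker
```

The expired ACE stops matching traffic but is not deleted, so pairing the time-range with a scheduled `show access-list` review is what actually keeps the ACL clean.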