"ip audit"? Part of CBAC IPS functionality. I think the new IOS versions have this as part of "ip inspect" or "ip ips" commands. HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al. CCSI/JNCI-M/JNCI-ER VP - Technical Training - IPexpert, Inc. IPexpert Sr. Technical Instructor A Cisco Learning Partner - We Accept Learning Credits! [EMAIL PROTECTED] Telephone: +1.810.326.1444 Fax: +1.810.454.0130 http://www.ipexpert.com _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amit Singh Sent: Tuesday, January 01, 2008 10:06 AM To: [email protected] Subject: Re: [OSL | CCIE_RS] CCIE_RS Digest, Vol 23, Issue 17 Hi Michael, Its has to be the Hold-time only. BTW, I am looking for an answer for the question below: Make sure that all the telnet connections are audited and the session should time out in 30 seconds. AFAIK, there is not time under the line-vty which we can set for 30seconds. Also IP TCP Synwait time only works when the router is originationg the telnet/tcp traffic. How can we limit the telnet to my device to 30 seconds. On Dec 31, 2007 10:30 PM, <[EMAIL PROTECTED]> wrote: Send CCIE_RS mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://onlinestudylist.com/mailman/listinfo/ccie_rs <http://onlinestudylist.com/mailman/listinfo/ccie_rs> or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of CCIE_RS digest..." Today's Topics: 1. CCIE Help Questions (Michael Liu) ---------------------------------------------------------------------- Message: 1 Date: Mon, 31 Dec 2007 07:21:02 +0000 From: Michael Liu <[EMAIL PROTECTED]> Subject: [OSL | CCIE_RS] CCIE Help Questions To: < <mailto:[email protected]> [email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-1" Hello: I have a question related to section 34 configure the EIGRP process to drop routes from inactive neighbors after half of the default value based on Cisco doc. There are two hold time available for that, NSF time is only for NSF-aware routers. should "ip hold-time eigrp" be the answer for this question? thanks, ~ml timers nsf route-hold To set the route-hold timer to determine how long an NSF-aware router that is running EIGRP will hold routes for an inactive peer, use the timers nsf route-hold command in router configuration mode. To return the route-hold timer to the default value, use the no form of this command. ip hold-time eigrp To configure the hold time for a particular Enhanced Interior Gateway Routing Protocol (EIGRP) routing process designated by the autonomous system number, use the ip hold-time eigrp command in interface configuration mode. To restore the default value, use the no form of this command. _________________________________________________________________ Don't get caught with egg on your face. Play Chicktionary! http://club.live.com/chicktionary.aspx?icid=chick_wlhmtextlink1_dec -------------- next part -------------- An HTML attachment was scrubbed... URL: http://onlinestudylist.com/pipermail/ccie_rs/attachments/20071231/76da16cc/a ttachment-0001.html End of CCIE_RS Digest, Vol 23, Issue 17 ***************************************
