Also known as Lock & key.
Depends on telnet, authentication and extended ACL.
This is commonly used when we need to give access to one user (based on authentication).
Configuration: first we need to enable telnet on the router,
so
# username harry password 0 harry
# line vty 0 4
# login local ( this command makes the vty lines ask for the local username and password )
Giving telnet access to a user is similar to giving the key of your home or office to an outsider.
If you don't trust that user very much, you can use one of the 2 options below.
option 1 ) timeout for that specified user only
# username harry autocommand access-enable host timeout 10
option 2 ) set timeout for all telnet users
# line vty 0 4
# login local
# autocommand access-enable host timeout 10
Note: timeout 10 means 10 min.
Remember that in the next steps, while defining the access list, we can specify a timeout; this timeout can override the above timeout setting.
The above configuration can be summarised as telnet access, with that user let in based on access-enable.
For this we need to permit telnet traffic at the router,
so
# access-list 120 permit tcp any host < ip of interface router > eq telnet
So the user enters the router via the access-enable function.
Next we define the access list that controls which IP ranges the user can reach after entering the router.
# access-list 120 dynamic testlist timeout 15 permit ip 10.0.0.0 0.0.0.255 172.16.1.0 0.0.0.255
Note: here the timeout is 15 min; this overrides the timeout of 10 min set above.
Then the important part:
applying the ACL
# int f0/0
# ip access-group 120 in
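Added example (not part of the original post): a small Python check that reads a router configuration and reports which of the pieces described above are missing. The sample configuration is constructed from this post's commands, with 192.0.2.1 as a placeholder interface address; the function name and the finding texts are made up for illustration.

```python
import re

# Constructed sample: this post's commands in one config (192.0.2.1 is a placeholder).
SAMPLE_CONFIG = """\
username harry password 0 harry
username harry autocommand access-enable host timeout 10
access-list 120 permit tcp any host 192.0.2.1 eq telnet
access-list 120 dynamic testlist timeout 15 permit ip 10.0.0.0 0.0.0.255 172.16.1.0 0.0.0.255
interface FastEthernet0/0
 ip access-group 120 in
line vty 0 4
 login local
"""

def audit_lock_and_key(config):
    """Return a list of findings; an empty list means every piece is in place."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    dynamic = {}  # ACL number -> timeout of its dynamic entry (None if not given)
    for l in lines:
        m = re.match(r"access-list (\d+) dynamic \S+(?: timeout (\d+))? permit ", l)
        if m:
            dynamic[m.group(1)] = int(m.group(2)) if m.group(2) else None
    if not dynamic:
        return ["no dynamic access-list entry defined"]
    enables = [l for l in lines if "autocommand access-enable" in l]
    if not enables:
        findings.append("no 'autocommand access-enable': dynamic entry is never activated")
    for l in enables:
        # Without 'host', the temporary entry covers the whole source range of the
        # dynamic entry instead of only the address that authenticated.
        if not re.search(r"access-enable\b.*\bhost\b", l):
            findings.append(f"'{l}': missing 'host' keyword")
    enable_has_timeout = any(re.search(r"\btimeout \d+", l) for l in enables)
    for acl, acl_timeout in dynamic.items():
        # The user has to reach the router by telnet before anything else happens.
        if not any(re.match(rf"access-list {acl} permit tcp .* eq (telnet|23)$", l) for l in lines):
            findings.append(f"ACL {acl}: no entry permitting telnet to the router")
        # The list has no effect until it is applied to an interface.
        if not any(re.match(rf"ip access-group {acl} (in|out)$", l) for l in lines):
            findings.append(f"ACL {acl}: not applied to any interface")
        if acl_timeout is None and not enable_has_timeout:
            findings.append(f"ACL {acl}: no timeout anywhere, temporary entry never expires")
    if "login local" not in lines:
        findings.append("vty lines do not use 'login local'")
    return findings

if __name__ == "__main__":
    print(audit_lock_and_key(SAMPLE_CONFIG) or "OK: lock-and-key pieces all present")
```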