Lock-and-Key Security for Dynamic Access Lists

Lock-and-Key configuration

Point
 - create Dynamic ACL with required traffic (TELNET or Web access) using Extended ACL
 - create username with "autocommand access-enable timeout 5" command
 - add entries need to be permitted for management, routing protocol, etc. Or just permit "ip any any" at the bottom of the ACL entries.

Reference

Cisco IOS Security Configuration Guide: Securing the Data Plane