Thursday, March 17, 2011

Time-based ACL

Time-based ACL is one of the features of dynamic ACL; it allows us to specify the times at which the access-list is active and inactive. Here is what the configuration of a time-based access-list looks like.

Configuration
We allow the configured access-list to be active during daytime operation and disable it after hours. In this case, we assume the hours of operation are from 8am to 5pm.



time-range MYTIME
  periodic daily 8:00 to 17:00

access-list 100 dynamic ACL_DYN permit ip any any time-range MYTIME


Verify configuration


R2#sh access-lists
Standard IP access list 1
    10 permit 239.0.0.0, wildcard bits 0.255.255.255
Extended IP access list 100
    10 Dynamic ACL_DYN permit ip any any time-range MYTIME (inactive)
R2# sh clock
*22:05:17.614 UTC Fri Mar 1 2002
R2#


R2#sh access-lists
Standard IP access list 1
    10 permit 239.0.0.0, wildcard bits 0.255.255.255
Extended IP access list 100
    10 Dynamic ACL_DYN permit ip any any time-range MYTIME (active)

R2#sh clock
*14:07:02.310 PST Fri Mar 1 2002
R2#
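
The check below is an added example, not part of the original post: it parses the `periodic` statement and the two `show clock` readings from the output above and computes the state the entry should report, along with what the leading `*` on the clock line means. The function names are hypothetical, windows that cross midnight are not handled, and counting the closing minute as inside the window is an assumption.

```python
import re
from datetime import datetime

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
GROUPS = {"daily": DAYS, "weekdays": DAYS[:5], "weekend": DAYS[5:]}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Leading flag in `show clock`: '*' = time is not authoritative,
# '.' = authoritative but NTP not synchronized, no flag = authoritative.
FLAGS = {"*": "not authoritative", ".": "NTP not synchronized", "": "authoritative"}

def parse_periodic(line):
    """'periodic <days> H:MM to H:MM' -> (day names, start minute, end minute)."""
    m = re.fullmatch(r"\s*periodic\s+(.+?)\s+(\d{1,2}):(\d{2})\s+to\s+(\d{1,2}):(\d{2})\s*",
                     line, re.I)
    if not m:
        raise ValueError(f"unsupported periodic statement: {line!r}")
    days = [d for word in m.group(1).lower().split() for d in GROUPS.get(word, [word])]
    if not set(days) <= set(DAYS):
        raise ValueError(f"unknown day keyword in: {line!r}")
    start, end = (int(m.group(i)) * 60 + int(m.group(i + 1)) for i in (2, 4))
    if end <= start:
        raise ValueError("windows that cross midnight are outside this sketch")
    return days, start, end

def parse_show_clock(line):
    """'*22:05:17.614 UTC Fri Mar 1 2002' -> (clock trust, zone name, local datetime)."""
    m = re.fullmatch(r"\s*([*.]?)(\d{1,2}):(\d{2}):(\d{2})\.\d+\s+(\S+)\s+\w{3}"
                     r"\s+(\w{3})\s+(\d{1,2})\s+(\d{4})\s*", line)
    if not m:
        raise ValueError(f"unrecognised show clock line: {line!r}")
    flag, hh, mm, ss, zone, mon, day, year = m.groups()
    when = datetime(int(year), MONTHS.index(mon) + 1, int(day), int(hh), int(mm), int(ss))
    return FLAGS[flag], zone, when

def expected_state(periodic_line, clock_line):
    """State the entry should show for this clock reading, plus how far to trust it."""
    days, start, end = parse_periodic(periodic_line)
    trust, zone, when = parse_show_clock(clock_line)
    minute = when.hour * 60 + when.minute
    # Assumption: the window runs through the end of the closing minute.
    active = DAYS[when.weekday()] in days and start <= minute <= end
    return ("active" if active else "inactive"), trust, zone

if __name__ == "__main__":
    # Both clock readings are the ones shown in the verification output above.
    for clock in ("*22:05:17.614 UTC Fri Mar 1 2002", "*14:07:02.310 PST Fri Mar 1 2002"):
        print(clock, "->", expected_state("periodic daily 8:00 to 17:00", clock))
```

The two readings carry different zone names (UTC and PST), and the state follows the local time shown, so a change to the clock or its time zone changes when the entry is enforced. A `*` in front of the time means the router does not consider its clock authoritative, which is worth checking before relying on a time-range for access control.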



2 comments:

  1. This feature will allow you to set a permission based on time. The access-list will be enabled and disabled automatically according to the configured time. From the example above, we allow IP traffic to go through access-list from 8am - 5pm and deny IP traffic afterward.

    So, we will see the access-list is active at 14.07.02 but inactive at 22.05.17.

    Note that this access-list is a dynamic access-list type.
