Topics
  • Most Recent Stories
  • Trending Stories
  • Miscellaneous
  • New
  • SAP
  • Cisco
  • oracle
  • Microsoft
  • CCIE
  • CCNA
  • CCNP
  • Networking
  • Education
  • Eccouncil
  • Route
  • Routing
  • Switch
  • OSPF
  • EIGRP
  • Job
  • Firewall
  • VPN
How to configure Time Range Access Control List (ACL)?
  • Total 2 Answers
  • 16378
author

Time Based Access Control List:
Time based ACL are just like normal Extended ACL but in this we define time-range which defines duration for which ACL is going to work.
To configure these ACL we need to configure Time-Range and define time in that Time-Range.
Time range are of two types 
•    Absolute time-Range
•    Periodic Time-Range
Absolute Time-Range: In this duration of time is fixed throughout the time-range defined.
Periodic Time-Range: In this duration is periodic and can be set according to the requirement in our time range.
Note: Time of all the device should be synchronized 

Configuration:
According to our topology, we have telnet and ssh client which are going to access telnet and ssh server, we are going to restrict each client to not to be able to perform other service using time-based ACL

Please follow topology for reference.

 


In global configuration mode we created two time range named CISCO and ABCD by following configuration:

 R1(config)#time-range CISCO
 R1(config-time-range)#absolute start 11:30 10 april 2017 end 11:35 10 april 2017
 R1(config-time-range)#exit
 R1(config)#time-range ABCD
 R1(config-time-range)#periodic weekdays 11:30 to 11:35 
 R1(config-time-range)#exit

Now we are going to call these Time-Range in Extended ACL
by following commands for restricting traffic of each client:

R1(config)#ip access-list extended TELNET/SSH
R1(config-ext-nacl)#deny tcp host 192.168.101.200 host 12.0.0.2 eq 23 time-range CISCO
R1(config-ext-nacl)#deny tcp host 192.168.101.100 host 12.0.0.2 eq 22 time-range ABCD
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#exit

Now we apply ACL on interface for restricting traffic to go past R1
and reach Telnet/SSH server.

R1(config)#int f0/0
R1(config-if)#ip access-group TELNET/SSH in