12-6
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 12 Configuring Traffic Filtering
Time-Based ACLs
Example 12-2
creates a periodic time range named
no-http
that specifies Monday through Friday from
8:00 a.m. to 6:00 p.m.
Example 12-2 Configuring a Time Range
Router(config)# time-range no-http
Router(config-time-range)# periodic weekdays 8:00 to 18:00
Example 12-3
creates a time range named
HTTP
that specifies both periodic and absolute values. During
ACL processing, the router assumes that the time period begins right now because the
absolute
command does not specify a
start
value. The router then evaluates the
periodic
value, which indicates
that the time period is restricted to Monday through Wednesday from 8:00 a.m. to 7:00 p.m. The time
period ends on February 6 at 11:59 p.m.
Example 12-3 Configuring a Time Range with Periodic and Absolute Entries
Router(config)# time-range http
Router(config-t-range)# periodic monday 8:00 to wednesday 19:00
Router(config-t-range)# absolute end 23:59 6 February 2000
Applying a Time Range to a Numbered Access Control List
To apply a time range to the access control entries (ACEs) of a numbered extended access control list
(ACL), enter the following commands beginning in global configuration mode:
Example 12-4
permits SMTP traffic to the access the mail host (128.88.1.2) on Monday through Sunday
between the hours of 5:00 a.m. and 11:59 p.m, if the traffic belongs to an already established connection.
The example creates the time range named
smtp
and applies it to the ACE of the extended access list
numbered 102. The time-based ACL is then applied to the ingress serial 0 interface.
Command
Purpose
Step 1
Router (config)#
access-list
access-list-number
[
dynamic
dynamic-name
[
timeout
minutes
]] {
deny
|
permit
}
protocol
source source-wildcard
destination destination-wildcard
[
precedence
precedence
] [
tos
tos
] [
log
|
log-input
]
time-range
time-range-name
[
fragments
]
Defines a numbered extended IP access control list (ACL).
The
time-range
time-range-name
argument specifies the name of
the time range to apply to the ACE.
Note
In Cisco IOS Release 12.3(7)XI1, the
time-range
argument is required.
For more information about the access-list command, see the
Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and
Services, Release 12.3
.
Step 2
Router(config)#
interface
type
number
slot
/
module
/
port
.
subinterface
Configures an interface and enters interface configuration mode.
Step 3
Router(config-if)#
ip access-group
{
access-list-number
|
access-list-name
}
{
in
|
out
}
Controls access to an interface.