
Reference the Time Range

Jul 08,2009 by alperen



An extended access control list can be either a numbered or a named ACL. In each case, the time-range option is added as an additional qualifier for the permit or deny statement. The basic syntax for a named ACL is:

Router(config)# ip access-list extended name
Router(config-ext-nacl)# {permit | deny} {protocol | protocol-keyword} {source
wildcard | any} [operator source-port] {destination wildcard | any} [operator
destination-port] [precedence precedence] [tos tos] [log | log-input] [options]
[time-range time-range-name]

The basic syntax for a numbered ACL is:

Router(config)# access-list acl# {permit | deny} {protocol | protocol-keyword} {source
wildcard | any} [operator source-port] {destination wildcard | any} [operator
destination-port] [precedence precedence] [tos tos] [log | log-input] [options]
[time-range time-range-name]

The following time range example uses a periodic statement to deny web traffic to employees on the Ethernet LAN Monday through Friday during business hours (8:00 A.M. to 6:00 P.M.).

time-range no-web
 periodic weekdays 8:00 to 18:00
!
ip access-list extended block-web
 deny tcp any any eq www time-range no-web
 permit ip any any
!
interface ethernet 0
 ip access-group block-web in
!

The following example uses a time-based access list to allow a LAN to begin accessing the network at 8:00 A.M. on January 1, 2003. The access will continue until stopped. The access list and time range together permit traffic on Ethernet interface 0 starting.

time-range new-lan
 absolute start 8:00 1 January 2003
!
ip access-list extended start-service
 permit ip 192.168.15.0 0.0.0.255 any time-range new-lan
!
interface ethernet 0
 ip access-group start-service in

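The following example uses a time-based access list to block a LAN from accessing the network beginning at midnight on December 31, 2003. The permit entry is in effect only until the time range ends; after that the entry is inactive, and the implicit deny at the end of the access list drops the traffic.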

time-range stop-lan
 absolute end 23:59 31 December 2003
!
ip access-list extended stop-service
 permit ip 192.168.15.0 0.0.0.255 any time-range stop-lan
!
interface ethernet 0
 ip access-group stop-service in

The following example uses a time-based access list to permit weekend employees to browse the Internet for a two-month test period from 8:00 A.M. on June 1, 2003, to 6:00 P.M. on July 31, 2003.

time-range web-test
 absolute start 8:00 1 June 2003 end 18:00 31 July 2003
 periodic weekends 00:00 to 23:59
!
ip access-list extended lan-web
 permit tcp 192.168.15.0 0.0.0.255 any eq www time-range web-test
!
interface ethernet 0
 ip access-group lan-web in
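
As an added example (not part of the original article and not Cisco code), the Python model below evaluates the four time ranges shown above against a clock value, so you can check when each time-based entry is actually in effect. It shows that periodic statements only count inside the absolute window. The function and variable names are hypothetical, and the model assumes minute-granularity comparison with the end minute included.

```python
from datetime import datetime, time

WEEKDAYS, WEEKENDS = {0, 1, 2, 3, 4}, {5, 6}   # datetime.weekday(): Monday is 0

# The article's four time ranges as (absolute start, absolute end, periodics).
# Each periodic item is (set of days, start time, end time).
RANGES = {
    "no-web":   (None, None, [(WEEKDAYS, time(8, 0), time(18, 0))]),
    "new-lan":  (datetime(2003, 1, 1, 8, 0), None, []),
    "stop-lan": (None, datetime(2003, 12, 31, 23, 59), []),
    "web-test": (datetime(2003, 6, 1, 8, 0), datetime(2003, 7, 31, 18, 0),
                 [(WEEKENDS, time(0, 0), time(23, 59))]),
}

def range_active(name, now):
    """Return True if an ACL entry referencing time-range `name` is in effect.

    `now` stands for the router's local clock. Assumption of this model:
    times are compared per minute and the end minute is included.
    """
    start, end, periodics = RANGES[name]
    now = now.replace(second=0, microsecond=0)
    # The absolute window bounds everything: periodic items are evaluated
    # only between the absolute start and the absolute end.
    if start is not None and now < start:
        return False
    if end is not None and now > end:
        return False
    if not periodics:
        return True
    return any(now.weekday() in days and lo <= now.time() <= hi
               for days, lo, hi in periodics)

def schedule_report(name, samples):
    """Map each sample timestamp to 'active' or 'inactive' for review."""
    return {ts.isoformat(sep=" ", timespec="minutes"):
            "active" if range_active(name, ts) else "inactive"
            for ts in samples}

if __name__ == "__main__":
    # Constructed sample clock values around the web-test boundaries.
    samples = [datetime(2003, 6, 1, 7, 0),    # Sunday, before absolute start
               datetime(2003, 6, 1, 9, 0),    # Sunday, inside the window
               datetime(2003, 6, 4, 12, 0),   # Wednesday, not a weekend
               datetime(2003, 8, 2, 12, 0)]   # Saturday, after absolute end
    for ts, state in schedule_report("web-test", samples).items():
        print(ts, state)
```

The router evaluates time ranges against its own system clock, so a wrong or unsynchronized clock shifts every window modeled here.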
