Time-based acls, Feature history for time-based acls – Cisco 10000 User Manual


Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 12 Configuring Traffic Filtering

Time-Based ACLs

Example 12-1 Receive ACL Configuration

ip receive access-list 100
access-list 100 deny icmp any any fragments
access-list 100 permit icmp any any echo
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 22
access-list 100 permit ospf any any precedence internet
access-list 100 permit tcp host 10.0.0.1 any eq bgp precedence internet
access-list 100 deny ip any any

Time-Based ACLs

The Time-based ACLs feature allows the network administrator to define a time range when certain
resources may be accessed, thus providing greater control over resource usage.

While functionally similar to extended ACLs, time-based ACLs control access to the router for a specific
time period. A time range, identified by a name, defines the specific times of the day and week that the
ACL is active. The access control entries (ACEs) reference the time range name, which imposes the time
restriction on the ACEs. The time range relies on the router's system clock to activate or deactivate an ACE.

Previously, access list statements were always in effect after they were applied to an interface. However,
using the time-range command, network administrators can now define when the permit and deny
statements in the ACL are in effect. Both named and numbered access lists can reference a time range.

When you create a time range, you can specify both absolute and periodic time entries. The periodic
command in time-range configuration mode allows you to specify the days of the week and the time of
day that the access control entry (ACE) is active. The absolute command in time-range configuration
mode allows you to specify a specific time and date to activate the ACE and a specific time and date to
stop processing the ACE. You can specify only one absolute entry for each time range. During ACL
processing, the router begins evaluating the time range entry attached to the ACE after it reaches the
absolute start time. The router then evaluates the periodic values until the router reaches the absolute end
entry. No further processing occurs after the router reaches the absolute end value.
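
The following configuration is an added illustration, not taken from the Cisco guide: it combines one absolute entry and one periodic entry in a time range and references that range from an extended ACL entry. The time-range name MAINT-SSH, ACL number 101, the addresses, the dates and the interface are assumptions chosen for the example.

```cisco
! Constructed example: names, addresses, dates and interface are placeholders.
time-range MAINT-SSH
 ! Only one absolute entry is allowed per time range.
 absolute start 00:00 1 March 2025 end 23:59 31 March 2025
 ! Between the absolute start and end, the ACE is active on weekdays, 08:00 to 18:00.
 periodic weekdays 8:00 to 18:00
!
! Extended ACL whose first ACE references the time range by name.
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 22 time-range MAINT-SSH
! While the ACE above is inactive, SSH traffic falls through to this deny.
access-list 101 deny tcp any any eq 22
access-list 101 permit ip any any
!
interface GigabitEthernet1/0/0
 ip access-group 101 in
!
! The time range follows the router's system clock, so verify both from EXEC mode:
!   show clock
!   show time-range
```

Because activation depends on the system clock, a wrong or unsynchronized clock shifts the window in which the permit entry applies.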

The Time-based ACLs feature is described in the following topics:

Feature History for Time-Based ACLs

Restrictions for Time-Based ACLs

Configuration Tasks for Time-Based ACLs

Monitoring and Maintaining Time-Based ACLs

Configuration Examples for Time-Based ACLs

Feature History for Time-Based ACLs

Cisco IOS Release   Description                                                       Required PRE
12.3(7)XI1          This feature was introduced on the Cisco 10000 series router.     PRE2
12.2(28)SB          This feature was integrated into Cisco IOS Release 12.2(28)SB.    PRE2
