Cisco 10000 User Manual

Page 308


Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 12 Configuring Traffic Filtering

Time-Based ACLs

Example 12-2 creates a periodic time range named no-http that specifies Monday through Friday from 8:00 a.m. to 6:00 p.m.

Example 12-2 Configuring a Time Range

Router(config)# time-range no-http

Router(config-time-range)# periodic weekdays 8:00 to 18:00

Example 12-3 creates a time range named HTTP that specifies both periodic and absolute values. During ACL processing, the router assumes that the time period begins right now because the absolute command does not specify a start value. The router then evaluates the periodic value, which indicates that the time period is restricted to Monday through Wednesday from 8:00 a.m. to 7:00 p.m. The time period ends on February 6 at 11:59 p.m.

Example 12-3 Configuring a Time Range with Periodic and Absolute Entries

Router(config)# time-range http

Router(config-t-range)# periodic monday 8:00 to wednesday 19:00

Router(config-t-range)# absolute end 23:59 6 February 2000

Applying a Time Range to a Numbered Access Control List

To apply a time range to the access control entries (ACEs) of a numbered extended access control list
(ACL), enter the following commands beginning in global configuration mode:

Step 1

Command: Router(config)# access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] time-range time-range-name [fragments]

Purpose: Defines a numbered extended IP access control list (ACL). The time-range time-range-name argument specifies the name of the time range to apply to the ACE.

Note: In Cisco IOS Release 12.3(7)XI1, the time-range argument is required.

For more information about the access-list command, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release 12.3.

Step 2

Command: Router(config)# interface type number slot/module/port.subinterface

Purpose: Configures an interface and enters interface configuration mode.

Step 3

Command: Router(config-if)# ip access-group {access-list-number | access-list-name} {in | out}

Purpose: Controls access to an interface.

Example 12-4 permits SMTP traffic to access the mail host (128.88.1.2) on Monday through Sunday between the hours of 5:00 a.m. and 11:59 p.m., if the traffic belongs to an already established connection. The example creates the time range named smtp and applies it to the ACE of the extended access list numbered 102. The time-based ACL is then applied to the ingress serial 0 interface.
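The configuration that the Example 12-4 description calls for can be written as follows. This is an added illustration, not the listing from the Cisco guide; the source address any and the show commands used to check the result are assumptions.

```cisco
! Added example, constructed from the description of Example 12-4.
! Assumption: the source is "any" (the text names only the destination host).
Router(config)# time-range smtp
Router(config-time-range)# periodic daily 5:00 to 23:59
Router(config-time-range)# exit
! Match TCP to the mail host on port 25, only for established connections,
! and only while the smtp time range is active.
Router(config)# access-list 102 permit tcp any host 128.88.1.2 eq smtp established time-range smtp
! ACL 102 has no other entries, so the implicit deny at the end of the list
! drops all other inbound traffic on this interface.
Router(config)# interface serial 0
Router(config-if)# ip access-group 102 in
Router(config-if)# end
! Time ranges follow the router's system clock, so confirm the clock first,
! then check the state of the time range and of the ACE that uses it.
Router# show clock detail
Router# show time-range smtp
Router# show access-lists 102
```

The show time-range and show access-lists output marks the entry as active or inactive according to the current system clock.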
