Monitoring and maintaining time-based acls, Configuration examples for time-based acls – Cisco 10000 User Manual
Page 310
12-8
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 12 Configuring Traffic Filtering
Time-Based ACLs
Monitoring and Maintaining Time-Based ACLs
To monitor and maintain time-based ACLs, enter any of the following commands in privileged EXEC
mode:
Configuration Examples for Time-Based ACLs
The following example permits Telnet connections from the 10.1.1.0 network to the 172.16.1.0 network
on Monday, Wednesday, and Friday during the business hours.
time-range EVERYOTHERDAY
periodic Monday Wednesday Friday 8:00 to 17:00
!
access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range
EVERYOTHERDAY
!
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 101 in
The following example permits SMTP traffic from all networks to indefinitely access all networks
beginning at 12:00 p.m. on January 1, 2001.
time-range forever
absolute start 12:00 1 January 2001
!
ip access-list extended allusers
permit tcp any any eq 25 time-range forever
The following example permits UDP traffic until noon on December 31, 2000. The ACL entry will no
longer allow UDP traffic after that date and time.
time-range stop-udp
absolute end 12:00 31 December 2000
!
ip access-list extended usa
permit udp any any time-range stop-udp
The following configuration example permits telnet traffic on Monday, Tuesday, and Friday from
9:00 a.m. and 5:00 p.m.:
time-range telnet
periodic Monday Tuesday Friday 9:00 to 17:00
!
ip access-list extended camden
permit tcp any any eq telnet time-range telnet
Command
Purpose
Router# show access-lists [access-list-number |
access-list-name]
Displays the contents of current access lists or the access list you
specify.
Router# show interface type number
Displays information about the interface you specify and
indicates if an access list is configured on the interface.
Router# show time-range
Displays the configured time ranges.