Using Time-Based Access-Lists
Problem
You want to filter application data based on the time of day.
Solution
To filter application data based on the time of day, use the following commands:
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#time-range NOSURF
Router1(config-time-range)#periodic weekdays 9:00 to 17:00
Router1(config-time-range)#exit
Router1(config)#ip access-list extended NOSURFING
Router1(config-ext-nacl)#deny tcp any any eq www time-range NOSURF
Router1(config-ext-nacl)#permit ip any any
Router1(config-ext-nacl)#exit
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip access-group NOSURFING in
Router1(config-if)#end
Router1#
Tip
This feature relies on an accurate system clock to function properly. It is highly recommended that you use NTP to synchronize the router’s clock. See Chapter 14 for more information regarding NTP.
Discussion
Time-based access-lists allow you to filter application data based on the time of day. In our example, we’ve built an access-list that denies HTTP traffic during work hours, Monday to Friday, from 9:00 to 17:00. Time-based access-lists also allow control over other router features based on the time of day, such as policy-based routing, CAR statements, ACL logging, on-demand link activation, or security policies, to name a few.
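The following Python model is an added example, not code from the book or from IOS. It evaluates the recipe's NOSURF time-range and NOSURFING access-list against a clock reading, and shows why the filter is only as reliable as the router's clock. The function names, the sample dates, and the treatment of the end minute as still inside the range are assumptions made for illustration.

```python
from datetime import datetime, timedelta

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
GROUPS = {"daily": set(range(7)), "weekdays": set(range(5)), "weekend": {5, 6}}

def parse_periodic(line):
    """Parse 'periodic <days> hh:mm to hh:mm' (same-day form only)."""
    words = line.lower().split()
    if len(words) < 5 or words[0] != "periodic" or words[-2] != "to":
        raise ValueError(f"unsupported periodic statement: {line!r}")
    days = set()
    for word in words[1:-3]:
        if word in GROUPS:
            days |= GROUPS[word]
        elif word in DAYS:
            days.add(DAYS.index(word))
        else:
            raise ValueError(f"unknown day keyword: {word!r}")
    def minutes(hhmm):
        hours, mins = hhmm.split(":")
        return int(hours) * 60 + int(mins)
    start, end = minutes(words[-3]), minutes(words[-1])
    if not days or end < start:
        raise ValueError("need at least one day and start <= end")
    return days, start, end

def is_active(spec, clock):
    """True if the time-range is active at the router's clock reading."""
    days, start, end = spec
    now = clock.hour * 60 + clock.minute
    # Assumption: the end minute itself is still inside the range.
    return clock.weekday() in days and start <= now <= end

def acl_action(spec, clock, dst_port):
    """Model NOSURFING: deny tcp port 80 (www) while NOSURF is active."""
    if dst_port == 80 and is_active(spec, clock):
        return "deny"
    return "permit"  # the trailing 'permit ip any any'

NOSURF = parse_periodic("periodic weekdays 9:00 to 17:00")

if __name__ == "__main__":
    true_time = datetime(2024, 3, 6, 16, 30)   # constructed sample: a Wednesday
    skewed = true_time + timedelta(hours=1)    # constructed: clock running 1h fast
    for label, clock in (("accurate", true_time), ("skewed", skewed)):
        print(label, clock, acl_action(NOSURF, clock, 80))
```

With the accurate clock the HTTP packet is denied; with the clock one hour fast the same packet is permitted, because the router evaluates the range against its own clock.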
To configure a time-based access-list, you must first configure a time-range:
Router2#configure terminal
Enter configuration commands, one per ...