Using Time-Based Access-Lists

Problem

You want to filter application data based on the time of day.

Solution

To filter application data based on the time of day, use the following commands:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#time-range NOSURF
Router1(config-time-range)# periodic weekdays 9:00 to 17:00
Router1(config-time-range)#exit
Router1(config)#ip access-list extended NOSURFING
Router1(config-ext-nacl)# deny   tcp any any eq www time-range NOSURF
Router1(config-ext-nacl)# permit ip any any
Router1(config-ext-nacl)#exit
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip access-group NOSURFING in 
Router1(config-if)#end
Router1#

Tip

This feature relies on an accurate system clock to function properly. It is highly recommended that you use NTP to synchronize the router’s clock. See Chapter 14 for more information regarding NTP.

Discussion

Time-based access-lists allow you to filter application data based on the time of day. In our example, we’ve built an access-list that denies HTTP traffic during work hours, Monday to Friday, from 9:00 to 17:00. Time-based access-lists also allow control over other router features based on the time of day, such as policy-based routing, CAR statements, ACL logging, on-demand link activation, or security policies, to name a few.
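
The sketch below is an added example, not code from the book or from Cisco. It models how the NOSURFING list from the Solution is evaluated against the router's own clock, so you can see why the Tip insists on NTP: the same packet gets a different verdict when the clock drifts. The function names, the sample dates, and the handling of the end minute are assumptions, and only the same-day `periodic` form is parsed.

```python
from datetime import datetime, timedelta

# Day keywords accepted by "periodic"; datetime.weekday() has Monday == 0.
DAY_SETS = {"weekdays": {0, 1, 2, 3, 4}, "weekend": {5, 6}, "daily": set(range(7))}

def parse_periodic(line):
    """Parse 'periodic <days> H:MM to H:MM' (same-day windows only)."""
    words = line.split()
    if len(words) != 5 or words[0] != "periodic" or words[3] != "to":
        raise ValueError(f"unsupported periodic statement: {line!r}")
    if words[1] not in DAY_SETS:
        raise ValueError(f"unsupported day keyword: {words[1]!r}")
    start, end = (datetime.strptime(w, "%H:%M").time() for w in (words[2], words[4]))
    return DAY_SETS[words[1]], start, end

def range_active(periodic, clock):
    """True if the router clock falls inside the window.
    Assumption: the end minute is treated as exclusive; confirm on your IOS release."""
    days, start, end = periodic
    return clock.weekday() in days and start <= clock.time() < end

# The time-range and access-list from the Solution, expressed as data.
TIME_RANGES = {"NOSURF": parse_periodic("periodic weekdays 9:00 to 17:00")}
NOSURFING = [("deny", "tcp", 80, "NOSURF"),   # deny tcp any any eq www time-range NOSURF
             ("permit", "ip", None, None)]    # permit ip any any

def evaluate(proto, dst_port, router_clock):
    """First-match evaluation; an entry whose time-range is inactive is skipped."""
    for action, acl_proto, acl_port, tr_name in NOSURFING:
        if tr_name and not range_active(TIME_RANGES[tr_name], router_clock):
            continue
        if acl_proto not in ("ip", proto):
            continue
        if acl_port is not None and acl_port != dst_port:
            continue
        return action
    return "deny"  # implicit deny that ends every access-list

def decision_with_skew(proto, dst_port, true_time, skew):
    """What the router decides when its clock is off by `skew` from true time."""
    return evaluate(proto, dst_port, true_time + skew)

if __name__ == "__main__":
    tuesday = datetime(2024, 1, 9, 10, 30)  # constructed sample: a Tuesday, 10:30
    for skew in (timedelta(0), timedelta(hours=-8)):
        hours = skew.total_seconds() / 3600
        print(f"clock skew {hours:+.0f}h:", decision_with_skew("tcp", 80, tuesday, skew))
    print("tcp/443:", evaluate("tcp", 443, tuesday))  # eq www matches port 80 only
```

With an accurate clock the Tuesday 10:30 HTTP packet is denied; with a clock running eight hours behind, the router believes it is 02:30 and permits it.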

To configure a time-based access-list, you must first configure a time-range:

Router2#configure terminal
Enter configuration commands, one per ...
