Cisco Systems 10000 Network Router User Manual


 
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 12 Configuring Traffic Filtering
Example 12-1 Receive ACL Configuration
ip receive access-list 100
access-list 100 deny icmp any any fragments
access-list 100 permit icmp any any echo
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 22
access-list 100 permit ospf any any precedence internet
access-list 100 permit tcp host 10.0.0.1 any eq bgp precedence internet
access-list 100 deny ip any any
Time-Based ACLs
The Time-based ACLs feature allows the network administrator to define a time range when certain
resources may be accessed, thus providing greater control over resource usage.
While functionally similar to extended ACLs, time-based ACLs control access to the router for a specific
time period. A time range, identified by a name, defines the specific times of the day and week that the
ACL is active. The access control entries (ACEs) reference the time range name, which imposes the time
restriction on the ACEs. The time range relies on the router's system clock to activate or deactivate an ACE.
Previously, access list statements were always in effect after they were applied to an interface. However,
using the time-range command, network administrators can now define when the permit and deny
statements in the ACL are in effect. Both named and numbered access lists can reference a time range.
When you create a time range, you can specify both absolute and periodic time entries. The periodic
command in time-range configuration mode allows you to specify the days of the week and the time of
day that the access control entry (ACE) is active. The absolute command in time-range configuration
mode allows you to specify a specific time and date to activate the ACE and a specific time and date to
stop processing the ACE. You can specify only one absolute entry for each time range. During ACL
processing, the router begins evaluating the time range entry attached to the ACE after it reaches the
absolute start time. The router then evaluates the periodic values until the router reaches the absolute end
entry. No further processing occurs after the router reaches the absolute end value.
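The following Python model is an added example, not part of the Cisco guide or of Cisco IOS. It shows how one absolute entry and a set of periodic entries combine to activate an ACE, and how the result depends on the router clock. The time-range name WORKHOURS, the sample dates, the skip-inactive-ACE behavior, and the handling of a range with no periodic entries are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import List, Optional, Set

@dataclass
class Periodic:
    days: Set[int]   # datetime.weekday() values, Monday=0
    start: time
    end: time        # same-day windows only (simplification of this model)

    def matches(self, now: datetime) -> bool:
        return now.weekday() in self.days and self.start <= now.time() <= self.end

@dataclass
class TimeRange:
    name: str
    absolute_start: Optional[datetime] = None   # only one absolute entry per range
    absolute_end: Optional[datetime] = None
    periodic: List[Periodic] = field(default_factory=list)

    def active(self, now: datetime) -> bool:
        # Outside the absolute window the periodic entries are never consulted.
        if self.absolute_start and now < self.absolute_start:
            return False
        if self.absolute_end and now > self.absolute_end:
            return False
        # Assumption: with no periodic entries, the absolute window alone decides.
        return not self.periodic or any(p.matches(now) for p in self.periodic)

@dataclass
class Ace:
    action: str                               # "permit" or "deny"
    time_range: Optional[TimeRange] = None    # None = always in effect

def decide(aces: List[Ace], router_clock: datetime) -> str:
    """Action for a flow that matches every ACE's addresses and ports."""
    for ace in aces:
        # Assumption: an ACE whose time range is inactive is skipped.
        if ace.time_range is None or ace.time_range.active(router_clock):
            return ace.action
    return "deny"   # implicit deny that ends every ACL

# Constructed sample: a permit entry valid on weekdays 08:00-18:00 during 2024 only.
WORKHOURS = TimeRange(
    "WORKHOURS",  # hypothetical time-range name
    absolute_start=datetime(2024, 1, 1, 0, 0),
    absolute_end=datetime(2024, 12, 31, 23, 59),
    periodic=[Periodic({0, 1, 2, 3, 4}, time(8, 0), time(18, 0))],
)
ACL = [Ace("permit", WORKHOURS)]
```

Because the decision is taken against the router clock rather than real time, a clock that is wrong by a few hours shifts the permitted window by the same amount, so time synchronization on the router is part of the access policy.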
The Time-based ACLs feature is described in the following topics:
Feature History for Time-Based ACLs
Restrictions for Time-Based ACLs
Configuration Tasks for Time-Based ACLs
Monitoring and Maintaining Time-Based ACLs
Configuration Examples for Time-Based ACLs
Feature History for Time-Based ACLs
Cisco IOS Release | Description                                                    | Required PRE
12.3(7)XI1        | This feature was introduced on the Cisco 10000 series router.  | PRE2
12.2(28)SB        | This feature was integrated into Cisco IOS Release 12.2(28)SB. | PRE2