Time-based ACLs

Source: Internet
Author: User

1. Experimental topology and requirements description

R1 is the internal network, R2 is the border router, and R3 is the external network. The internal network must be blocked from accessing the Internet from 8:00 to 17:30 every day; at other times traffic is not restricted.

2. Basic configuration omitted

Configure the ACL on R2:

time-range work (define a time range named work)

periodic weekdays 8:00 to 17:30 (set the recurring period)

access-list 100 deny ip host 192.168.12.1 host 3.3.3.3 time-range work

(Deny intranet host 192.168.12.1 access to extranet host 3.3.3.3 during the time range. The ACL number is missing from this copy of the article; 100, an extended ACL number, is assumed here.)

access-list 100 deny ip host 1.1.1.1 host 3.3.3.3 time-range work

(Deny intranet host 1.1.1.1 access to extranet host 3.3.3.3 during the time range)

access-list 100 permit ip any any (all other traffic, including traffic outside the time range, is not restricted)

Apply it on R2 interface s0/0:

interface serial0/0

ip access-group 100 in (filters traffic coming in on R2's s0/0 port)


3. Experimental phenomena:

When R2's clock is set within the weekday time range, the intranet cannot access the extranet


When R2's clock is set outside that time range, the intranet can access the extranet
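The two observations above can be reproduced offline. The following Python model is an added example, not part of the original article or of any Cisco software: it evaluates the article's three ACL entries against a given router clock, assuming first-match order, the implicit deny that ends every ACL, and that an entry outside its time range is skipped. The names TimeRange, Ace and evaluate are hypothetical, and the dates used to exercise it are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass(frozen=True)
class TimeRange:
    """Models 'periodic weekdays HH:MM to HH:MM' (Monday to Friday)."""
    start: time
    end: time

    def active(self, now: datetime) -> bool:
        # weekday(): Monday=0 ... Sunday=6. The end minute is treated as
        # inclusive, a modelling assumption; confirm with 'show time-range'.
        hhmm = now.time().replace(second=0, microsecond=0)
        return now.weekday() < 5 and self.start <= hhmm <= self.end

@dataclass(frozen=True)
class Ace:
    action: str                        # "permit" or "deny"
    src: Optional[str]                 # None means "any"
    dst: Optional[str]                 # None means "any"
    time_range: Optional[TimeRange] = None

WORK = TimeRange(time(8, 0), time(17, 30))

# The three entries from the article, in configuration order.
ACL = [
    Ace("deny", "192.168.12.1", "3.3.3.3", WORK),
    Ace("deny", "1.1.1.1", "3.3.3.3", WORK),
    Ace("permit", None, None),
]

def evaluate(acl, src: str, dst: str, router_clock: datetime) -> str:
    """Return the action of the first active entry that matches the packet."""
    for ace in acl:
        # An entry tied to a time range takes no part outside that range.
        if ace.time_range and not ace.time_range.active(router_clock):
            continue
        if ace.src in (None, src) and ace.dst in (None, dst):
            return ace.action
    return "deny"  # implicit deny at the end of every ACL
```

The decision depends entirely on the router clock, so the filter is only as reliable as R2's time source. Without the final permit entry, every packet would hit the implicit deny once the two deny entries are outside their time range.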


4. Summary

In an enterprise local area network, controlling data traffic with ACLs improves the security of traffic and makes management easier for the network administrator. However, there are several points to watch when writing ACLs. ACLs only match traffic that passes through the router (that is, ACLs cannot filter traffic generated locally by the router itself). Only one ACL per protocol can be applied in each direction of an interface. If standard ACLs are used, it is recommended to configure the standard ACL on a router close to the destination address; if extended ACLs are used, it is recommended to configure the extended ACL on a router close to the source address.


This article is from the "ICMP redirect Experiment" blog; please keep this source attribution: http://shhqing.blog.51cto.com/8622597/1721316
