This article describes how to configure a time-based access control list (ACL). Let's take a closer look at what time-based ACLs can do.
What is an ACL?
ACL is short for access control list. It uses packet filtering technology to read information from the layer-3 and layer-4 headers on a router, such as the source address, source port, and destination port, and filters packets according to predefined rules to achieve access control. This technology was initially supported only on routers. In recent years, it has been extended to layer-3 switches, and some of the latest layer-2 switches have begun to support ACLs.
An access control list (ACL) is essentially a filtering behavior based on the content of data packets on the router or layer-3 switch. The router or layer-3 switch decides whether to forward or discard a packet based on the packet's characteristics and the policy defined in the ACL. A common access control list is usually configured based on the source address, destination address, and protocol type of IP packets. This article introduces another kind of access control list: the time-based access control list.
A time-based access control list can control the forwarding of network packets according to the time of day or the day of the week. It adds an effective time range to the original standard and extended access control lists so that the network can be controlled more reasonably and effectively. First, define a time range, and then apply it to the original access list.
When configuring a time-based ACL, the time-range command is used to specify the name of the time range, and then the absolute command or one or more periodic commands are used to define the time range. Command format:
[Figure: command format]
The following describes the details of each command and parameter.
◆ time-range: the command used to define a time range.
◆ time-range-name: the name of the time range, used to identify it when it is referenced in a subsequent access list.
◆ absolute: this command specifies an absolute time range. It is followed by the start and end keywords. The time after each keyword is in 24-hour hh:mm format, and the date is given as day, month, year. If the start keyword and its time are omitted, the associated permit or deny statement takes effect immediately and remains in effect until the end time. If the end keyword and its time are omitted, the associated permit or deny statement takes effect at the start time and stays in effect from then on.
◆ periodic: this command defines a time range using day-of-the-week parameters. Its parameters include Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, or Sunday, or daily, weekdays, or weekend.
The following example shows how to use a time-based access control list. In this network, hosts must not be able to browse the Web during working hours: from AM to Am from Monday to Friday, no http access is allowed, while on Saturday and Sunday all access is allowed.
Set the ACL Time Control List
We use a time-based extended ACL to implement this. First, define a time range from AM to Am from Monday to Friday, named "worktime". Next, define a named access control list called "nohttp", which references the previously defined time range "worktime" to block the http protocol within that time range. To allow all other data packets to pass, you also need to define an ACE that permits them:
Lab(config-ext-nacl)# deny ip any
Finally, apply the ACL to the router interface:
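The complete configuration described in the steps above, as an added example that is not from the original page. The names worktime and nohttp are the page's; the 8:00 to 18:00 window and the interface FastEthernet0/0 are assumed values, since the page gives neither.

```cisco
! Added example. Constructed values: the 8:00-18:00 window and
! interface FastEthernet0/0 are assumptions, not taken from the page.
!
! 1. Define the recurring time range (Monday to Friday).
time-range worktime
 periodic weekdays 8:00 to 18:00
!
! 2. Named extended ACL. The deny ACE matches only while "worktime"
!    is active; outside the range it is skipped as if it were absent.
!    "eq www" matches TCP port 80 only, so HTTPS (443) is not covered.
ip access-list extended nohttp
 deny tcp any any eq www time-range worktime
 ! Without this ACE the implicit deny at the end of the ACL would
 ! drop all other traffic, at all times.
 permit ip any any
!
! 3. Apply the ACL inbound on the interface facing the internal hosts.
interface FastEthernet0/0
 ip access-group nohttp in
```

`show time-range` and `show access-lists nohttp` mark the range and the ACE as active or inactive. The range is evaluated against the router's own clock, so the clock has to be correct (for example, synchronized through NTP) for the restriction to apply at the intended hours.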
Used sensibly, time-based ACLs let you protect the internal network more effectively, securely, and conveniently, so that the network is more secure and network administrators have an easier time.