Cisco time access list

Source: Internet
Author: User
1. Time-based access lists

A time-based access list lets you control a user's access permissions during a given period of time.

Enter global configuration mode

Switch# conf t

Give the time range a meaningful name. The name cannot contain spaces or quotation marks and must start with a letter.

Switch(config)# time-range time-range-name

Specify the time range

Switch(config-time-range)# absolute [start time date] [end time date]

Or

Switch(config-time-range)# periodic day-of-the-week hh:mm to [day-of-the-week] hh:mm

Or

Switch(config-time-range)# periodic {weekdays | weekend | daily} hh:mm to hh:mm

absolute: specifies an absolute time range. The keyword is followed by the start and end keywords, and each of these is followed by the time and date at which the associated permit or deny statements in the access list begin or stop taking effect. Note that the time is expressed in 24-hour format and the date is expressed in the format day/month/year.

periodic: each time range can have only one absolute statement, but it can have multiple periodic statements. The absolute statement takes only a few parameters (the start and end time and date), while the periodic statement can use a large number of parameters: a combination of one or several days of the week, or keywords such as daily, weekdays and weekend. Table 12-1 lists the day-of-the-week parameters that can be used in a periodic statement.

| Parameter | Meaning |
| --- | --- |
| Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday | Combination of one or several days |
| daily | From Monday to Sunday |
| weekend | Saturday and Sunday |
| weekdays | From Monday to Friday |

Return to privileged EXEC mode

Switch(config-time-range)# end

Verify the current settings

Switch# show time-range

Save the current configuration

Switch# copy running-config startup-config

With time-based access lists, you can control the access permissions of users within a certain period of time.

Restrict users' network applications

Normal users are in the IP address range "10.1.0.0/16". To stop all employees from chatting with QQ and MSN during a set time window from Monday to Friday, add the following statements to the access list:

time-range deny-qq

---------- Define the time range name as "deny-qq"

periodic weekdays hh:mm to hh:mm

--------- The time range runs from the start time to the end time, Monday to Friday

ip access-list extended internet_limit

deny tcp 10.1.0.0 0.0.255.255 any eq 1863 time-range deny-qq

deny tcp 10.1.0.0 0.0.255.255 any eq 8000 time-range deny-qq

deny tcp 10.1.0.0 0.0.255.255 any eq 1080 time-range deny-qq

deny udp 10.1.0.0 0.0.255.255 any eq 8000 time-range deny-qq

deny udp 10.1.0.0 0.0.255.255 any eq 4000 time-range deny-qq

deny udp 10.1.0.0 0.0.255.255 any eq 1080 time-range deny-qq

---- Define the protocols and port numbers used for QQ and MSN chat

permit ip any any

Other access is not restricted.

Note that most of the port numbers used by network applications can be found in the following files.

Win9X: %windir%\services

WinNT/2000/XP/2003: %windir%\system32\drivers\etc\services

Linux: /etc/services

If you cannot find an application's port in the services file, you can run netstat -ap after starting the program to find the port number the application uses.

Enable network applications

To ensure that no user logs on to the switch outside working hours, Ethernet port FE0/0 of the switch accepts traffic to destination port 23 (telnet) only during the permitted AM window from Monday to Friday; telnet access at all other times is prohibited.

The related configurations are as follows:

interface fastethernet 0/0

ip access-group 101 in

----- Apply IP access list 101 to this port

access-list 101 permit tcp any any eq telnet time-range nettel

----- Define IP access list 101

time-range nettel

periodic weekdays hh:mm to hh:mm

----- Define the time range nettel
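
An added example, not part of the original page: a Python check over a saved configuration that reports time-range names used by permit/deny entries but never defined, and tests whether a periodic statement covers a given moment. The sample configuration, its clock times and all function names are constructed for illustration, and only the same-day periodic form is parsed.

```python
import re
from datetime import datetime

# Constructed sample: clock times are illustrative and "nettl" is a deliberate typo.
SAMPLE = """\
time-range deny-qq
 periodic weekdays 9:00 to 18:00
ip access-list extended internet_limit
 deny tcp 10.1.0.0 0.0.255.255 any eq 1863 time-range deny-qq
 permit ip any any
access-list 101 permit tcp any any eq telnet time-range nettel
time-range nettl
 periodic weekdays 8:00 to 12:00
"""

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
GROUPS = {"daily": set(range(7)), "weekdays": set(range(5)), "weekend": {5, 6}}
PERIODIC = re.compile(r"\s+periodic\s+(.+?)\s+(\d{1,2}):(\d\d)\s+to\s+(\d{1,2}):(\d\d)\s*$", re.I)
ACE_REF = re.compile(r"\b(?:permit|deny)\b.*\btime-range\s+(\S+)", re.I)

def parse_time_ranges(config):
    """Map each time-range name to [(day_indexes, start_min, end_min)]."""
    ranges, current = {}, None
    for line in config.splitlines():
        if not line[:1].isspace():  # top-level command enters or leaves time-range mode
            words = line.split()
            current = ranges.setdefault(words[1], []) if len(words) == 2 and words[0] == "time-range" else None
        elif current is not None and (m := PERIODIC.match(line)):
            days = set()
            for word in m.group(1).lower().split():
                days |= GROUPS.get(word) or {DAYS.index(word)}
            h1, m1, h2, m2 = map(int, m.groups()[1:])
            current.append((days, h1 * 60 + m1, h2 * 60 + m2))
    return ranges

def is_active(ranges, name, when):
    """True if `when` falls inside a periodic statement (end minute inclusive: an assumption)."""
    minute = when.hour * 60 + when.minute
    return any(when.weekday() in days and start <= minute <= end
               for days, start, end in ranges.get(name, []))

def undefined_references(config):
    """Time-range names used by permit/deny entries but never defined."""
    defined = parse_time_ranges(config)
    used = {m.group(1) for line in config.splitlines() if (m := ACE_REF.search(line))}
    return sorted(used - set(defined))

if __name__ == "__main__":
    print(undefined_references(SAMPLE), is_active(parse_time_ranges(SAMPLE), "deny-qq", datetime(2024, 1, 3, 10, 30)))
```
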

2. Related configuration commands

Time access list Configuration
