Cisco Catalyst 3550 series Software Configuration Manual page 556
Multilayer switch
Hide thumbs
Also See for Catalyst 3550 series:
- Reference manual (58 pages) ,
- Datasheet (21 pages) ,
- Manual (19 pages)
Table of Contents
Advertisement
Configuring IP ACLs
This example shows how to configure time ranges for workhours and for company holidays and how to
verify your configuration.
Switch(config)# time-range workhours
Switch(config-time-range)# periodic weekdays 8:00 to 12:00
Switch(config-time-range)# periodic weekdays 13:00 to 17:00
Switch(config-time-range)# exit
Switch(config)# time-range new_year_day_2000
Switch(config-time-range)# absolute start 00:00 1 Jan 2000 end 23:59 1 Jan 2000
Switch(config-time-range)# exit
Switch(config)# time-range thanksgiving_2000
Switch(config-time-range)# absolute start 00:00 22 Nov 2000 end 23:59 23 Nov 2000
Switch(config-time-range)# exit
Switch(config)# time-range christmas_2000
Switch(config-time-range)# absolute start 00:00 24 Dec 2000 end 23:50 25 Dec 2000
Switch(config-time-range)# end
Switch# show time-range
time-range entry: christmas_2000 (inactive)
absolute start 00:00 24 December 2000 end 23:50 25 December 2000
time-range entry: new_year_day_2000 (inactive)
absolute start 00:00 01 January 2000 end 23:59 01 January 2000
time-range entry: thanksgiving_2000 (inactive)
absolute start 00:00 22 November 2000 end 23:59 23 November 2000
time-range entry: workhours (inactive)
periodic weekdays 8:00 to 12:00
periodic weekdays 13:00 to 17:00
For a time range to be applied, you must enter the time-range name in an extended ACL that can
implement time ranges. This example shows how to create and verify extended access list 188 that denies
TCP traffic from any source to any destination during the defined holiday time ranges and permits all
TCP traffic during work hours.
Switch(config)# access-list 188 deny tcp any any time-range new_year_day_2000
Switch(config)# access-list 188 deny tcp any any time-range thanskgiving_2000
Switch(config)# access-list 188 deny tcp any any time-range christmas_2000
Switch(config)# access-list 188 permit tcp any any time-range workhours
Switch(config)# end
Switch# show access-lists
Extended IP access list 188
deny tcp any any time-range new_year_day_2000 (inactive)
deny tcp any any time-range thanskgiving_2000 (active)
deny tcp any any time-range christmas_2000 (inactive)
permit tcp any any time-range workhours (inactive)
This example uses named ACLs to permit and deny the same traffic.
Switch(config)# ip access-list extended deny_access
Switch(config-ext-nacl)# deny tcp any any time-range new_year_day_2000
Switch(config-ext-nacl)# deny tcp any any time-range thanksgiving_2000
Switch(config-ext-nacl)# deny tcp any any time-range christmas_2000
Switch(config-ext-nacl)# exit
Switch(config)# ip access-list extended may_access
Switch(config-ext-nacl)# permit tcp any any time-range workhours
Switch(config-ext-nacl)# end
Switch# show ip access-lists
Extended IP access list deny_access
deny tcp any any time-range new_year_day_2000 (inactive)
deny tcp any any time-range thanksgiving_2000 (inactive)
deny tcp any any time-range christmas_2000 (inactive)
Extended IP access list may_access
permit tcp any any time-range workhours (inactive)
Catalyst 3550 Multilayer Switch Software Configuration Guide
28-18
Chapter 28
Configuring Network Security with ACLs
78-11194-09
Advertisement
Table of Contents
Troubleshooting
