Cisco Nexus 9000 Series Configuration Manual page 246
Nx-os security configuration guide, release 9.x
Hide thumbs
Also See for Nexus 9000 Series:
- Configuration manual (276 pages) ,
- Troubleshooting manual (126 pages) ,
- Quick start configuration manual (6 pages)
Table of Contents
Advertisement
Time Ranges
When you apply an ACL that uses time ranges, the device updates the affected I/O module whenever a time
range referenced in the ACL starts or ends. Updates that are initiated by time ranges occur on a best-effort
priority. If the device is especially busy when a time range causes an update, the device may delay the update
by up to a few seconds.
IPv4, IPv6, and MAC ACLs support time ranges. When the device applies an ACL to traffic, the rules in
effect are as follows:
• All rules without a time range specified
• Rules with a time range that includes the second when the device applies the ACL to traffic
The device supports named, reusable time ranges, which allows you to configure a time range once and specify
it by name when you configure many ACL rules. Time range names have a maximum length of 64 alphanumeric
characters.
A time range contains one or more rules. The two types of rules are as follows:
Absolute
A rule with a specific start date and time, specific end date and time, both, or neither. The following
items describe how the presence or absence of a start or end date and time affect whether an absolute
time range rule is active:
• Start and end date and time both specified—The time range rule is active when the current time is
• Start date and time specified with no end date and time—The time range rule is active when the
• No start date and time with end date and time specified—The time range rule is active when the
• No start or end date and time specified—The time range rule is always active.
For example, you could prepare your network to allow access to a new subnet by specifying a time range
that allows access beginning at midnight of the day that you plan to place the subnet online. You can use
that time range in ACL rules that apply to the subnet. After the start time and date have passed, the device
automatically begins applying the rules that use this time range when it applies the ACLs that contain
the rules.
Periodic
A rule that is active one or more times per week. For example, you could use a periodic time range to
allow access to a lab subnet only during work hours on weekdays. The device automatically applies ACL
rules that use this time range only when the range is active and when it applies the ACLs that contain
the rules.
Note
The order of rules in a time range does not affect how a device evaluates whether a time range is active. Cisco
NX-OS includes sequence numbers in time ranges to make editing the time range easier.
Time ranges also allow you to include remarks, which you can use to insert comments into a time range.
Remarks have a maximum length of 100 alphanumeric characters.
The device determines whether a time range is active as follows:
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
220
later than the start date and time and earlier than the end date and time.
current time is later than the start date and time.
current time is earlier than the end date and time.
Configuring IP ACLs
- Quick Links:
- Radius and Tacacs+ Security Protocols
Hide quick links:
Advertisement
Table of Contents
