Table of Contents
Advertisement
Configuring IP ACLs
Command
Step 3
absolute [start time date]
[end time date]
or
periodic day-of-the-week hh:mm to
[day-of-the-week] hh:mm
or
periodic {weekdays | weekend | daily}
hh:mm to hh:mm
Step 4
end
Step 5
show time-range
Step 6
copy running-config startup-config
Repeat the steps if you have multiple items that you want in effect at different times.
To remove a configured time-range limitation, use the no time-range time-range-name global
configuration command.
This example shows how to configure time ranges for workhours and for company holidays and to verify
your configuration.
Switch(config)# time-range workhours
Switch(config-time-range)# periodic weekdays 8:00 to 12:00
Switch(config-time-range)# periodic weekdays 13:00 to 17:00
Switch(config-time-range)# exit
Switch(config)# time-range new_year_day_2003
Switch(config-time-range)# absolute start 00:00 1 Jan 2003 end 23:59 1 Jan 2003
Switch(config-time-range)# exit
Switch(config)# time-range thanksgiving_2003
Switch(config-time-range)# absolute start 00:00 27 Nov 2003 end 23:59 28 Nov 2003
Switch(config-time-range)# exit
Switch(config)# time-range christmas_2003
Switch(config-time-range)# absolute start 00:00 24 Dec 2003 end 23:50 25 Dec 2003
Switch(config-time-range)# end
Switch# show time-range
time-range entry: christmas_2003 (inactive)
absolute start 00:00 24 December 2003 end 23:50 25 December 2003
time-range entry: new_year_day_2003 (inactive)
absolute start 00:00 01 January 2003 end 23:59 01 January 2003
time-range entry: thanksgiving_2000 (inactive)
absolute start 00:00 22 November 2003 end 23:59 23 November 2003
time-range entry: workhours (inactive)
periodic weekdays 8:00 to 12:00
periodic weekdays 13:00 to 17:00
To apply a time-range, enter the time-range name in an extended ACL that can implement time ranges.
This example shows how to create and verify extended access list 188 that denies TCP traffic from any
source to any destination during the defined holiday times and permits all TCP traffic during work hours.
Switch(config)# access-list 188 deny tcp any any time-range new_year_day_2003
Switch(config)# access-list 188 deny tcp any any time-range thanskgiving_2003
Switch(config)# access-list 188 deny tcp any any time-range christmas_2003
Switch(config)# access-list 188 permit tcp any any time-range workhours
Switch(config)# end
Switch# show access-lists
Extended IP access list 188
10 deny tcp any any time-range new_year_day_2003 (inactive)
20 deny tcp any any time-range thanskgiving_2003 (active)
Catalyst 3750 Switch Software Configuration Guide
31-18
Purpose
Specify when the function it will be applied to is operational.
You can use only one absolute statement in the time range. If you
•
configure more than one absolute statement, only the one configured
last is executed.
You can enter multiple periodic statements. For example, you could
•
configure different hours for weekdays and weekends.
Refer to the example configurations.
Return to privileged EXEC mode.
Verify the time-range configuration.
(Optional) Save your entries in the configuration file.
Chapter 31
Configuring Network Security with ACLs
78-16180-02
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
