Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
598
Views
0
Helpful
9
Replies

Time Based ACL

Robyn
Level 1
Level 1

‎11-18-2022 07:01 AM

Hi guys, so I have 10 IPs to deny them from using the internet during office hours (0900 - 1800) on weekdays. These IPs are from different VLANs. How do I go about configuring them?
ip dhcp excluded-address 192.168.20.11
ip dhcp excluded-address 192.168.20.12
ip dhcp excluded-address 192.168.20.13
ip dhcp excluded-address 192.168.20.14
ip dhcp excluded-address 192.168.30.9
ip dhcp excluded-address 192.168.30.10
ip dhcp excluded-address 192.168.30.11
ip dhcp excluded-address 192.168.30.12
ip dhcp excluded-address 192.168.30.13
ip dhcp excluded-address 192.168.30.14

 

These are the IPs that I have excluded from DHCP so I can configure them to not use the internet during office hours. 

192.168.20.0 has a subnet of /28 VLAN20

192.168.30.0 has a subnet of /28 as well VLAN30

 

So how do I configure them as I've been having a lot of troubles with it 

Labels:
0 Helpful
9 Replies 9

Robyn
Level 1
Level 1
In response to MHM Cisco World

‎11-18-2022 07:14 AM

Hi thanks for the response! I've checked it but the problem is the IPs that I've excluded how am I going to put them in a subnet range? 

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Robyn

‎11-18-2022 07:37 AM

One option would be to go to each PC and statically define the IP you want it to use.

Another option, which your DHCP server might offer, is to assign specific IPs based on client's MAC.

For either approach, you just insure the IPs are in the subnets they need to be (and, of course, not used by any other device).

0 Helpful

Robyn
Level 1
Level 1
In response to Joseph W. Doherty

‎11-18-2022 09:25 AM

Yes ive statically assigned them the ip addresses but I dont see how I can create a time range access list for them 

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Robyn

‎11-18-2022 10:44 AM - edited ‎11-18-2022 10:44 AM

Sorry mistook your questions about getting hosts, with known IPs, to time manage.

How for time based ACLs: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#anc56

0 Helpful

MichaelMcCoy
Level 1
Level 1

‎11-18-2022 08:58 AM

Just to be sure, these devices should be allowed to access the internet in off hours?  (1800-0900).


0 Helpful

Robyn
Level 1
Level 1
In response to MichaelMcCoy

‎11-18-2022 09:24 AM

Yes they should be allowed during off hours 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Robyn

‎11-18-2022 09:40 AM - edited ‎11-18-2022 10:19 AM

During Weekdays, can you more elaborate?

0 Helpful

MHM Cisco World
VIP
VIP
In response to MichaelMcCoy

‎11-18-2022 10:31 AM

@Robyn  @MichaelMcCoy 
the hr is 09:00 to 18:00 as his original post 
this what make me confuse 

0 Helpful
Customers Also Viewed These Support Documents