Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
645
Views
4
Helpful
3
Replies

Time Based Access List

umeshgurav
Level 1
Level 1

‎07-16-2008 08:48 PM - edited ‎03-03-2019 10:46 PM

Dear All

I have a lease line as primary and Vsat as backup link to a remote branch,with the lan ip range 130.12.1.101. We have internet access to the remote user via proxy .I want to restrict a block of host to access the internet at particular time .These host shud be able to access internet everyday between 8.00 am to 10.00 am in morning and 18.00 to 20.00 hrs in teh evening .

Kindly help me to configure this.

Regards

Umesh

Labels:
0 Helpful
3 Replies 3

Goutam Sanyal
Level 4
Level 4

‎07-16-2008 09:37 PM

Hi Umesh,

Please do the following:-

login to router-> conf t->

#time-range [name_locally]

#periodic daily [start_time] to [end_time]

#periodic daily [start_time] to [end_time]

Access-list configuration

#ip access-list extended [name_of _access-list]

#permit tcp [your_required_network] [netmusk] [proxy_ip_address] time-range [name_locally]

Apply it to the required interface.

For PIX, do the following:

#time-range entry: [name_time_range] (active)

periodic daily 10:30 to 11:00

periodic daily 13:00 to 14:00

periodic daily 17:00 to 18:00

#access-list acl_in line 77 extended permit ip host [proxy_ip_address] any time-range

#access-list acl_in line 77 extended permit ip host [proxy_ip_address] any time-range [name_time_range]

Thanks

Goutam [pls rate if it works]

umeshgurav
Level 1
Level 1

‎07-23-2008 08:51 PM

time-range internet

periodic weekdays 9:00 to 18:00

ip access-list extended strict

deny tcp any host 172.16.0.1 time-range internet

interface FastEthernet0/0

ip access-group strict in

Above is the router configurations but the access list says inactive.

Please help

0 Helpful

Goutam Sanyal
Level 4
Level 4
In response to umeshgurav

‎07-23-2008 10:05 PM

Dear Umesh,

Please inform that whether are you using any NTP clock source? If yes, then pls confirm that your router is properly connected with NTP server / source. Else it will not work properly.

If the router is using local time then it will active as per the mentioned time, otherwise it will show inactive.

Also please try the following:

1.deny tcp any host 172.16.0.1 [port_number_for_your_proxy] time-range internet

2.int serial [interface number]

3.ip access-group strict out

[Your mail has been replied with the same]

Thanks

Goutam

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card