Re: TIME-RANGE ACCES LST

waradito · ‎08-15-2019

below is my network topology.

i want make acces list based time range, network 172.10.1.0/24 only able to access server at office hour, and other network able to akses server any time , can somebody help me please?

Giuseppe Larosa · ‎08-17-2019

Hello waradito,

you may solved by yourself now.

look at the following configuration example and adapts it to your needs

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-1/configuration_guide/b_161_consolidated_3850_cg/b_161_consolidated_3850_cg_chapter_01010011.html?dtid=osscdc000283#topic_B499C01B0A4F4F6E9DADCDF51BDE99F8

You need to define the time ranges before being able to use them in ACL statements


Device# show time-range
time-range entry: new_year_day_2003 (inactive)
   absolute start 00:00 01 January 2006 end 23:59 01 January 2006
time-range entry: workhours (inactive)
   periodic weekdays 8:00 to 12:00
   periodic weekdays 13:00 to 17:00

To apply a time range, enter the time-range name in an extended ACL that can implement time ranges. This example shows how to create and verify extended access list 188 that denies TCP traffic from any source to any destination during the defined holiday times and permits all TCP traffic during work hours.

Device(config)# access-list 188 deny tcp any any time-range new_year_day_2006
Device(config)# access-list 188 permit tcp any any time-range workhours
Device(config)# end
Device# show access-lists
Extended IP access list 188
   10 deny tcp any any time-range new_year_day_2006 (inactive)
   20 permit tcp any any time-range workhours (inactive)

Hope to help

Giuseppe