Quota Based Network Resource Access

nomykhannedian
Level 1

I am looking for a Cisco or non-Cisco solution.

I have a few network resources that I need the user to access from the Internet. I should be able to allocate a user "X" number of hours and he should be able to use it for that much time only.

e.g. Mr. A can use resource App A for 5 hours. Each time the user connects to the resource the counter begins and hours are deducted from his bucket.

I saw the following features in ACS 

Setting Time Usage Quotas

Put an ASA in front of my applications with SSL/remote access VPN. Enable time quota on ACS and display the accounting information from ACS to user web portal/interface.

Any better solution? ideas? third party? cloud based?

thanks.

2 Replies

Mark Malone
VIP Alumni

A time-based access list on a switch or router should do either

http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#distrib

Time-Based ACLs Using Time Ranges

Time-based ACLs were introduced in Cisco IOS Software Release 12.0.1.T. While similar to extended ACLs in function, they allow for access control based on time. A time range is created that defines specific times of the day and week in order to implement time-based ACLs. The time range is identified by a name and then referenced by a function. Therefore, the time restrictions are imposed on the function itself. The time range relies on the router system clock. The router clock can be used, but the feature works best with Network Time Protocol (NTP) synchronization.

These are time-based ACL commands.

!--- Defines a named time range.
time-range time-range-name

!--- Defines the periodic times.
periodic days-of-the-week hh:mm to [days-of-the-week] hh:mm

!--- Or, defines the absolute times.
absolute [start time date] [end time date]

!--- The time range used in the actual ACL.
ip access-list name|number <extended_definition> time-range name_of_time-range

In this example, a Telnet connection is permitted from the inside to outside network on Monday, Wednesday, and Friday during business hours:

interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 101 in

access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range EVERYOTHERDAY

time-range EVERYOTHERDAY
periodic Monday Wednesday Friday 8:00 to 17:00

Does a time-based ACL solve my problem? I do not think so.

With an ACL you can only get the user connected between certain time ranges.

What I need is the "No. of hrs" a user can connect. For e.g.

Alice can connect for 4 hours only (he can connect any time of the day, but once he consumes his hrs bucket, he will be denied access)
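
The distinction this thread turns on, as an added example that is not part of the original posts and not code from ACS or any Cisco product: a time-range ACL opens a clock window, while a quota deducts each session's duration from a per-user bucket. It assumes RADIUS-style accounting Stop records (Acct-Session-Id, Acct-Session-Time); the `resource` field, the class and function names, and the sample records are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class QuotaBucket:
    """Cumulative connect-time allowance for one user on one resource."""
    allowed_seconds: int
    used_seconds: int = 0
    billed_sessions: set = field(default_factory=set)  # Acct-Session-Id already deducted

    def remaining(self) -> int:
        return max(0, self.allowed_seconds - self.used_seconds)


class QuotaPolicy:
    def __init__(self):
        self.buckets = {}  # (user, resource) -> QuotaBucket

    def grant(self, user, resource, hours):
        self.buckets[(user, resource)] = QuotaBucket(int(hours * 3600))

    def authorize(self, user, resource):
        """Decide a new connection: (decision, session timeout in seconds)."""
        bucket = self.buckets.get((user, resource))
        if bucket is None or bucket.remaining() == 0:
            return ("reject", 0)  # no allocation, or bucket consumed
        # Cap the session at what is left, so a session that stays open
        # cannot run past the bucket before its Stop record arrives.
        return ("accept", bucket.remaining())

    def account_stop(self, record):
        """Deduct a finished session; a retransmitted Stop is billed once."""
        bucket = self.buckets.get((record["User-Name"], record["resource"]))
        if bucket is None or record["Acct-Session-Id"] in bucket.billed_sessions:
            return
        bucket.billed_sessions.add(record["Acct-Session-Id"])
        bucket.used_seconds += int(record["Acct-Session-Time"])


def replay(policy, records):
    """Feed a batch of accounting Stop records into the policy."""
    for record in records:
        policy.account_stop(record)
    return policy


# Constructed sample: two sessions for Mr. A on App A, the first Stop sent twice.
SAMPLE_STOPS = [
    {"User-Name": "mr.a", "resource": "AppA", "Acct-Session-Id": "s1", "Acct-Session-Time": 7200},
    {"User-Name": "mr.a", "resource": "AppA", "Acct-Session-Id": "s1", "Acct-Session-Time": 7200},
    {"User-Name": "mr.a", "resource": "AppA", "Acct-Session-Id": "s2", "Acct-Session-Time": 9000},
]
```

The `remaining()` value is also what a user-facing portal would display as the balance left in the bucket.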