Dynamic Requirements
1) Allow internet access to employees only after 5 PM
2) Block printer access during weekends
3) Allow Internet access on 4th Feb 2011 as it is our company’s anniversary
4) Allow Printer access on coming saturday as we have to take a lot of printouts during the weekend
5) Block access to Internet on weekends
Can access-list help?
Access-list can fulfill the technical part i.e, blocking internet, access to printer,etc.
But what about relationship with time?
Blocking access to Internet during weekends
Network Engineer has come on Friday night around 11:50 PM, create the access-list and go home
He/She has to once again come back around 11:50 PM on Sunday night and remove the access-list
Something better is required
Diagram we are going to use
Conditions:
R3 should not be allowed internet access and icmp access to R1 during weekends
Steps in creating Time Based Access Lists
1) Set the clock to current time
Use the clock command
Be aware of the mode
2) Create a time range
Use the time-range command
3) Associate the time range with access-list
Connect the access-list the time-range
4) Apply it on desired interface
Use ip access-group command
Be careful of direction, implicit deny and routing protocol
No comments:
Post a Comment