Saturday, February 7, 2015

Time Base ACL

Dynamic Requirements

1) Allow internet access to employees only after 5 PM
2) Block printer access during weekends
3) Allow Internet access on 4th Feb 2011 as it is our company’s anniversary
4) Allow Printer access on coming saturday as we have to take a lot of printouts during the weekend
5) Block access to Internet on weekends 

Can access-list help? 

   Access-list can fulfill the technical part i.e, blocking internet, access to printer,etc.
   But what about relationship with time?
   Blocking access to Internet during weekends
   Network Engineer has come on Friday night around 11:50 PM, create the access-list and go home
   He/She has to once again come back around 11:50 PM on Sunday night and remove the access-list
   Something better is required 

Diagram we are going to use

Conditions:
   R3 should not be allowed internet access and icmp access to R1 during weekends

 Steps in creating Time Based Access Lists

1) Set the clock to current time
    Use the clock command 
    Be aware of the mode
2) Create a time range
     Use the time-range command
3) Associate the time range with access-list
     Connect the access-list the time-range 
4) Apply it on desired interface
      Use  ip access-group command 
      Be careful of direction, implicit deny and routing protocol


No comments:

Post a Comment