Example 114 Sample Configuration for Time Range ACL

Firewall(config)#interface Ethernet0/0

Firewall(config-if)#ip address 192.168.100.253 255.255.255.0 Firewall(config-if)#ip access-group 111 in Firewall(config)#access-list 111 permit tcp

10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range TelnetAccess Firewall(config)#time-range TelnetAccess

Firewall(config-time-range)#periodic Monday Tuesday Thursday 7:00 to 18:00

Time ranges offer many possible benefits, including the following:

• The network administrator has more control over permitting or denying a user access to resources. These resources include an application (identified by an IP address/mask pair and a port number), policy routing, or an on-demand link (identified as interesting traffic to the dialer).

• When provider access rates vary by time of day, it is possible to automatically reroute traffic cost-effectively.

• Service providers can dynamically change a committed access rate (CAR) configuration to support the quality-of-service (QoS) service level agreements (SLA) that are negotiated for certain times of day.

• Network administrators can control logging messages. ACL entries can log traffic at certain times of the day but not constantly. Therefore, administrators can just deny access without analyzing the many logs generated during peak hours.

Policy-based routing and queuing functions are enhanced.

0 0

Post a comment