cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2027
Views
0
Helpful
2
Replies

Time range access-list problem

aadilovic
Level 1
Level 1

I made this access-list:

Standard IP access list 1

10 permit any (135 matches)

Extended IP access list RadniSati

1 permit tcp 192.168.0.0 0.0.0.255 any eq smtp

2 permit tcp 192.168.0.0 0.0.0.255 any eq pop3

10 permit ip host 192.168.0.40 any time-range RadniSati2 (inactive)

20 permit ip host 192.168.0.42 any time-range RadniSati2 (inactive)

30 permit ip host 192.168.0.50 any time-range RadniSati2 (inactive)

40 permit ip host 192.168.0.51 any time-range RadniSati2 (inactive)

50 permit ip host 192.168.0.52 any time-range RadniSati2 (inactive)

60 permit ip host 192.168.0.57 any time-range RadniSati2 (inactive)

70 permit ip host 192.168.0.58 any time-range RadniSati2 (inactive)

80 permit ip host 192.168.0.59 any time-range RadniSati2 (inactive)

90 permit ip host 192.168.0.60 any time-range RadniSati2 (inactive)

100 permit ip host 192.168.0.9 any time-range RadniSati (active) (16 matches)

110 permit ip host 192.168.0.10 any time-range RadniSati (active)

120 permit ip host 192.168.0.12 any time-range RadniSati (active)

130 permit ip host 192.168.0.111 any time-range RadniSati (active) (573 matches)

140 permit ip host 192.168.0.153 any time-range RadniSati (active) (190 matches)

150 permit ip host 192.168.0.15 any time-range RadniSati (active) (9 matches)

160 permit ip host 192.168.0.16 any time-range RadniSati (active)

170 permit ip host 192.168.0.14 any time-range RadniSati (active)

180 permit ip host 192.168.0.24 any time-range RadniSati (active) (170 matches)

190 permit ip host 192.168.0.20 any time-range RadniSati (active)

200 permit ip host 192.168.0.21 any time-range RadniSati (active) (3 matches)

210 permit ip host 192.168.0.3 any time-range RadniSati00-24 (active) (669 matches)

220 permit ip host 192.168.0.23 any time-range RadniSati00-24 (active) (199 matches)

230 permit ip host 192.168.0.61 any time-range RadniSati00-24 (active)

240 permit ip host 192.168.0.82 any time-range RadniSati00-24 (active)

250 permit ip host 192.168.0.41 any time-range RadniSati00-24 (active) (3 matches)

260 permit ip host 192.168.0.62 any time-range RadniSati00-24 (active) (12 matches)

270 permit ip host 192.168.0.65 any time-range RadniSati00-24 (active)

280 permit ip host 192.168.0.66 any time-range RadniSati00-24 (active) (48 matches)

The problem is that this ACL is working only for 2 days and then it stops. I have then to take the acl out of the interface and put it back in.

interface Vlan1

ip address 192.168.0.1 255.255.255.0

ip access-group RadniSati in

ip nat inside

ip virtual-reassembly

Router is 876 and IOS c870-adventerprisek9-mz.124-6.T5

2 Replies 2

gmarogi
Level 5
Level 5

The time range relies on the software clock of the routing device. For the time range feature to work the way you intend, you need a reliable clock source. We recommend that you use Network Time Protocol (NTP) to synchronize the software clock of the routing device

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087ae5.html

Can you post the time range configuration?

What type of router is this and when ACL doesn't work were you seeing any problems like high CPU etc..?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: