Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Time-based ACLs

Dear Sir!

I've some questions about:

Q1: If I use a few 'periodic' entries AND one 'absolute' entry in my time-based ACL in time-range section, then time-based ACL don't work. But when I use

a few 'periodic' entries OR one 'absolute' entry (i.e. separately), then it works.

Why?

Q2: I use external NTP-server to synchronize router.

Then I define 'clock timezone' and 'clock summer-time'. Why ACLs log messages use hardware-timer, but not software clock? - in IOS docs 'clock update-calendar' used for sync hard-timer from soft-timer

But there are no such command

in my IOS image (c2600-jk8o3s-mz.122-6.bin). Why?

I tell about it, because time-based ACL use soft-time, but ACL messages log use hard-time, and because I've 'clock timezone', there are difference between

soft and hard- timer values

Best regards,

Nick

1 REPLY
Cisco Employee

Re: Time-based ACLs

Answer to your first question:

If you have a few periodic entries and one absolute entry in a time-range, the periodic entries will be valid within the time-bounds defined by the single absolute entry. Eg., if you have two periodic entries, 1. mon-wed 2. thu-fri and one absolute entry - 1st Jan 2002 to 1st Oct 2002, periodic entries mon-wed & thu-fri will be active only within 1st jan 2002 to 1st oct 2002.

Hope this helps.

-Ganesh.

307
Views
0
Helpful
1
Replies
CreatePlease to create content