05-12-2003 05:52 AM - edited 03-02-2019 07:16 AM
Hi
I am looking to configure time-bound access on my router so that the users from one of the branches do connect to the Central office during certain times. I have below the configuration that I thought would be perfectly fine, but it does not seem to be working as desired. Could anyone let me know the missing link?
Password:
otisauh#sh conf
Using 1647 out of 8065 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
enable secret ****
!
clock timezone mideast 4
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-net3
!
!
!
interface Ethernet0
description Connected to AUHLAN
ip address 131.20.1.200 255.255.0.0
ip access-group 100 in
no ip directed-broadcast
no keepalive
no cdp enable
!
interface BRI0
no ip address
no ip directed-broadcast
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-net3
no cdp enable
!
interface Dialer0
no ip address
no ip directed-broadcast
no cdp enable
!
interface Dialer1
ip address x.x.x.1 255.255.0.0
no ip directed-broadcast
encapsulation ppp
no ip split-horizon
dialer in-band
dialer map ip x.x.x.2 name 2610 123456
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.2
access-list 1 permit any
access-list 100 permit ip any host 131.40.1.253
access-list 100 permit ip any host 131.40.1.150
access-list 100 permit ip any host 131.40.1.100
access-list 100 permit ip any host 131.40.1.9
access-list 100 permit ip host 131.20.1.43 any
access-list 100 deny ip any any time-range usage
dialer-list 1 protocol ip list 100
no cdp run
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
time-range usage
periodic daily 8:00 to 18:00
!
end
If there is anything that is totally wrong in the configuration for time-bound access lists, please do let me know. Like I said, I just need to block access from my branch office to central office at a certain time daily, like 8.00 to 18.00 daily.
Thanking you !
Tauseef
05-12-2003 11:58 AM
I'm not fully sure what you're trying to accomplish, so I will give a couple examples.
Your access-list as written permits dialing if traffic is destined for one of the IP addresses 131.40.1.253, 150, 100 or 9, or if 131.20.1.43 is sending traffic. Right now your time-range access-list has absolutely no impact. You unconditionally permit your selected list of hosts to bring up the link at all times - the time-range entry is after everything. Also, it explicitly denies traffic between 8:00 and 18:00, and then you implicitly deny traffic outside those hours as well, because you deny by default at the end of the access list.
If you are attempting to block ALL dialing attempts between the sites between 8:00 and 18:00 and THEN only allow selected hosts to bring up the link outside of those hours, use this:
access-list 100 deny ip any any time-range usage
access-list 100 permit ip any host 131.40.1.253
access-list 100 permit ip any host 131.40.1.150
access-list 100 permit ip any host 131.40.1.100
access-list 100 permit ip any host 131.40.1.9
access-list 100 permit ip host 131.20.1.43 any
If you are attempting to allow a few hosts to bring up the link anytime and then allow anything at all to bring up the link during "unblocked" hours, use this:
access-list 100 permit ip any host 131.40.1.253
access-list 100 permit ip any host 131.40.1.150
access-list 100 permit ip any host 131.40.1.100
access-list 100 permit ip any host 131.40.1.9
access-list 100 permit ip host 131.20.1.43 any
access-list 100 deny ip any any time-range usage
access-list 100 permit ip any any
Let me know if I did not cover a case you need.
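Added example, not part of the original posts: a small Python model of first-match ACL evaluation, run over the original access-list 100 and the two reorderings suggested above, to show how entry order changes the verdict inside and outside the "usage" time range. The source 131.20.1.7 and destination 131.40.1.77 are constructed sample addresses, the list names are hypothetical, and the model assumes a time-range entry is simply skipped outside its range.

```python
from datetime import time
from ipaddress import ip_address

# Time range from the posted config: "periodic daily 8:00 to 18:00".
USAGE = (time(8, 0), time(18, 0))
HOSTS = ["131.40.1.253", "131.40.1.150", "131.40.1.100", "131.40.1.9"]

def ace(action, src="any", dst="any", timed=False):
    """One access-list entry; timed=True means 'time-range usage' is attached."""
    return {"action": action, "src": src, "dst": dst, "timed": timed}

HOST_PERMITS = [ace("permit", dst=h) for h in HOSTS] + [ace("permit", src="131.20.1.43")]
TIMED_DENY = ace("deny", timed=True)

# Hypothetical names for the three orderings discussed in the thread.
ORIGINAL = HOST_PERMITS + [TIMED_DENY]                  # as posted in the question
BLOCK_ALL_IN_HOURS = [TIMED_DENY] + HOST_PERMITS        # first suggested list
HOSTS_ALWAYS = HOST_PERMITS + [TIMED_DENY, ace("permit")]  # second suggested list

def _addr_match(rule, addr):
    return rule == "any" or ip_address(rule) == ip_address(addr)

def evaluate(acl, src, dst, now):
    """First matching active entry wins; no match falls to the implicit deny."""
    for entry in acl:
        # Assumption: a time-range entry is inactive (skipped) outside its range.
        if entry["timed"] and not (USAGE[0] <= now <= USAGE[1]):
            continue
        if _addr_match(entry["src"], src) and _addr_match(entry["dst"], dst):
            return entry["action"]
    return "deny"  # implicit deny at the end of every access list

def summarize(acl):
    """Verdicts for (listed server, unlisted host) at 12:00 and 20:00 each."""
    cases = [("131.20.1.7", "131.40.1.9"), ("131.20.1.7", "131.40.1.77")]  # constructed
    return [evaluate(acl, s, d, t) for s, d in cases for t in (time(12, 0), time(20, 0))]

if __name__ == "__main__":
    for name, acl in [("original", ORIGINAL),
                      ("block all in hours", BLOCK_ALL_IN_HOURS),
                      ("hosts always", HOSTS_ALWAYS)]:
        print(f"{name:20} {summarize(acl)}")
```

Each printed row reads: listed server at 12:00, listed server at 20:00, unlisted host at 12:00, unlisted host at 20:00.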