using command scheduler for accesslist

donnie · ‎10-21-2010

Hi all,

My environment does not allow PCs to access the internet on port80 which is configured on my cisco 1811. However recently an antivirus solution was roll out to the PCs which require to download updates via port80. The update source on the internet has a fqdn but no fix ip. My accesslist allow PCs to access this particular fqdn on port80 by specifying the fqdn on the acl but since it does not have fix ip, my PCs still fail to download updates. Hence i would like to use command scheduler to allow my cisco 1811 to be able to resolve the fqdn every few hrs to get a updated ip so that the ip of the update source specified in my accesslist gets updated. Pls advise how i can do this? Thks in advance.

Leo Laohoo · ‎10-21-2010

Time-Based ACLs Using Time Ranges

http://www.cisco.com/en/US/customer/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#timebasedtimerange

Please don't forget to rate useful posts. Thanks.

donnie · ‎10-24-2010

Hi Leolaohoo,

This allow my accesslist to be enabled on the define period but it does not update the fqdn specified in my accesslist.

donnie · ‎10-24-2010

Hi all,

I have a existing accesslist in my cisco 1811 as below and is enabled for port address translation.

access-list 101 permit ip any 2.2.2.0 0.0.0.255
access-list 101 permit ip any 3.3.3.0 0.0.0.255

ip nat inside source list 101 interface FastEthernet0 overload

If i specify my command scheduler as below for accesslist 101 on every hr. Does it mean that i will be able to access 1.1.1.0 but not be able to access 2.2.2.0 and 3.3.3.0? Pls advise.

kron policy-list access-list

access-list 101 permit ip any 1.1.1.0 0.0.0.255

kron occurrence hourly in 0:1:0 recurring

policy-list access-list