Cisco Support Community
New Member

Creating a time-based ACL

Hi all,

I need to create a time-based ACL. I have been told that I just need to create the time-range and delete the existing access-list 199.

The rest of the config is already there as a nested policy map, so you will not need to apply anything to the interface.

Here is the policy map and class map:

class-map match-any MANCAM
 match access-group 199

policy-map WAN-OUT
 class MANCAM
  police cir 256000

interface Serial0/0/0:1.1 point-to-point
 service-policy output WAN-OUT


Can someone help?

4 REPLIES

Creating a time-based ACL

A time range needs to be created and applied:

time-range MANCAM
 periodic weekdays 08:00 to 17:00

ip access-list ext 199
 no
 permit tcp any any eq 80 time-range MANCAM
 deny tcp any any eq 80

When the time range is in effect, Monday - Friday from 8 - 5PM, traffic to a web server will be allowed. If the time is outside of this range, the ACL entry is bypassed and hits the second line to deny traffic to the web server. The same concept applies for policy maps as well. If the traffic is within the time range, the traffic is policed/shaped/dropped (whatever your policy does), and if it's outside of the range then it would end up matching class default (or another class if you wanted).

HTH,
John

*** Please rate all useful posts ***
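
The evaluation described in the answer above, modelled as an added example (not part of the original post and not Cisco code): a first-match walk over ACL 199 in which an entry with an inactive time-range is skipped, used both as a packet filter and as the classifier behind `class-map MANCAM`. The Python names, the sample timestamps and the treatment of the end minute as inclusive are assumptions.

```python
from datetime import datetime, time

# Constructed model of the answer's config:
#   time-range MANCAM / periodic weekdays 08:00 to 17:00
TIME_RANGES = {
    "MANCAM": {"days": {0, 1, 2, 3, 4}, "start": time(8, 0), "end": time(17, 0)},
}

# access-list 199 in order: (action, protocol, dst_port, time_range or None)
ACL_199 = [
    ("permit", "tcp", 80, "MANCAM"),
    ("deny", "tcp", 80, None),
]

def range_active(name, now):
    """True when the device clock falls inside the named time-range."""
    tr = TIME_RANGES[name]
    minute = now.time().replace(second=0, microsecond=0)
    # Assumption: the end time is inclusive to the minute.
    return now.weekday() in tr["days"] and tr["start"] <= minute <= tr["end"]

def acl_decision(acl, proto, dst_port, now):
    """First-match evaluation; entries with an inactive time-range are skipped."""
    for action, ace_proto, ace_port, tr in acl:
        if tr is not None and not range_active(tr, now):
            continue  # inactive entry behaves as if it were not in the list
        if (ace_proto, ace_port) == (proto, dst_port):
            return action
    return "deny"  # implicit deny at the end of every ACL

def classify(proto, dst_port, now):
    """class-map MANCAM 'match access-group 199': a permit selects the class."""
    if acl_decision(ACL_199, proto, dst_port, now) == "permit":
        return "MANCAM (police cir 256000)"
    return "class-default"

if __name__ == "__main__":
    samples = [("Wed 10:30", datetime(2024, 1, 10, 10, 30)),
               ("Wed 19:00", datetime(2024, 1, 10, 19, 0)),
               ("Sat 10:30", datetime(2024, 1, 13, 10, 30))]
    for label, ts in samples:
        print(label, acl_decision(ACL_199, "tcp", 80, ts), classify("tcp", 80, ts))
```

The outcome depends entirely on `now`, which on the router is its own clock, so a wrong or unsynchronized clock shifts when the entry is active.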
New Member

Creating a time-based ACL

Ah ok. Thank you so much for assisting.

What is the 'no' line for?

Re: Creating a time-based ACL

If you have an existing acl you'll want to remove it before adding this one. Remember to add it in the correct sequence in your acl though.

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***
New Member

Re: Creating a time-based ACL

Ah yes. Excellent.
Will do.

Thank you so much John. I get it now!
