Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Time Based Access List

Dear All

I have a lease line as primary and Vsat as backup link to a remote branch,with the lan ip range We have internet access to the remote user via proxy .I want to restrict a block of host to access the internet at particular time .These host shud be able to access internet everyday between 8.00 am to 10.00 am in morning and 18.00 to 20.00 hrs in teh evening .

Kindly help me to configure this.




Re: Time Based Access List

Hi Umesh,

Please do the following:-

login to router-> conf t->

#time-range [name_locally]

#periodic daily [start_time] to [end_time]

#periodic daily [start_time] to [end_time]

Access-list configuration

#ip access-list extended [name_of _access-list]

#permit tcp [your_required_network] [netmusk] [proxy_ip_address] time-range [name_locally]

Apply it to the required interface.

For PIX, do the following:

#time-range entry: [name_time_range] (active)

periodic daily 10:30 to 11:00

periodic daily 13:00 to 14:00

periodic daily 17:00 to 18:00

#access-list acl_in line 77 extended permit ip host [proxy_ip_address] any time-range

#access-list acl_in line 77 extended permit ip host [proxy_ip_address] any time-range [name_time_range]


Goutam [pls rate if it works]

New Member

Re: Time Based Access List

time-range internet

periodic weekdays 9:00 to 18:00

ip access-list extended strict

deny tcp any host time-range internet

interface FastEthernet0/0

ip access-group strict in

Above is the router configurations but the access list says inactive.

Please help

Re: Time Based Access List

Dear Umesh,

Please inform that whether are you using any NTP clock source? If yes, then pls confirm that your router is properly connected with NTP server / source. Else it will not work properly.

If the router is using local time then it will active as per the mentioned time, otherwise it will show inactive.

Also please try the following:

1.deny tcp any host [port_number_for_your_proxy] time-range internet serial [interface number]

3.ip access-group strict out

[Your mail has been replied with the same]