Time Range ACL

We are going to Configure a router (R5’s) FastEthernet0/0 to block all outbound FTP traffic from 9am to 5pm Monday through Friday.  All other traffic should be allowed.

In this step we want to block all outbound FTP access on R5’s FastEthernet0/0 interface between 9a.m. and 5p.m. every weekday.  We will first create our time range, and then apply the time range to an extended access list.  Finally we will apply the access-list to R5’s FastEthernet0/0 interface outbound.
Step By Step Solution
First we need to create our time range.  In this case we are using periodic since we want this to take effect every weekday, not just one time.

R5(config)#time-range BLOCKFTP
R5(config-time-range)# periodic weekdays 9:00 to 17:00

The name BLOCKFTP is arbitrary, you can name the time range anything you wish.  The one important thing to remember is that the time is entered in military fashion, based on a 24 hours clock.

Next we will create the extended access-list to block the traffic during the time range.

R5(config)#access-list 100 deny   tcp any any eq ftp time-range BLOCKFTP
R5(config)#access-list 100 deny   tcp any any eq ftp-data time-range BLOCKFTP
R5(config)#access-list 100 permit ip any any

Since we are just told to block all FTP traffic, we are going to block any source, trying to get to any FTP destination, for both FTP and FTP-DATA during the specified time range.  The time range entry on the access-list will only be active during the specified times.  However, the implicit deny at the end of the access-list still exists so we must enter the permit ip any any to allow all other traffic through.

Finally we must apply the access-list on R5’s FastEthernet0/0 interface outbound.

R5(config)#interface FastEthernet0/0
R5(config-if)# ip access-group 100 out

The Time Range Access-list shows that it is ‘active’.  Looking at our clock we can see that it is 15:16 and it is a Thursday, our Time Range should be active, and is active at this time.

A Networker Blog

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s