With the continuous development of networks, routers have come to play an important role in campus networks. However, many organizations use only their most basic function: routing. In fact, a router can also be used to enforce access control policies. Taking a Cisco router as an example, let's look at how router access lists are applied.
What an access list can do
As networks have developed and user requirements have changed, Cisco routers have, starting from IOS 12.0, added a new time-based access list. With it, the forwarding of network packets can be controlled according to the time of day or the day of the week (the two can also be combined). A time-based access list adds an effective time range to the existing standard and extended access lists so that the network can be controlled more reasonably and effectively. You first define a time range and then reference it from the existing access lists. It applies to both numbered and named access lists.
Syntax format
Use the time-range command to name the time range, then use the absolute and periodic commands to define the range in detail. The IOS command format is:
time-range time-range-name
absolute [start time date] [end time date]
periodic days-of-the-week hh:mm to [days-of-the-week] hh:mm
For example, to specify every day from 6 a.m. to 10 p.m., use this statement (a daily recurrence is a periodic entry; absolute takes a full time and date):
periodic daily 6:00 to 22:00
Application examples
To keep machines on the subnet from browsing the web during working hours, the following settings apply from 0:00 on December 1, 2002 to 23:59 on December 31, 2002. During this month, the Internet can be reached through the school's network only from 7 a.m. Saturday to 10 p.m. Sunday. The following time-based access control list implements this:
router# config t
router(config)# time-range http
router(config-time-range)# absolute start 0:00 1 December 2002 end 23:59 31 December 2002
router(config-time-range)# periodic Saturday 7:00 to Sunday 22:00
router(config-time-range)# exit
router(config)# access-list 101 permit tcp any any eq 80 time-range http
router(config)# interface ethernet 0
router(config-if)# ip access-group 101 in
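To check the window before deploying it, the following added example (not part of the original article and not Cisco code) parses a time-range block with the dates stated in the text and reports whether an ACL entry bound to it would be in effect at a given moment. It assumes single day names or the daily/weekdays/weekend keywords in periodic entries, and it treats the end minute as inclusive; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
GROUPS = {"daily": DAYS, "weekdays": DAYS[:5], "weekend": DAYS[5:]}
WEEK = 7 * 1440  # minutes in a week
FMT = "%H:%M %d %B %Y"  # e.g. "0:00 1 December 2002"

# The article's time-range, embedded as text so the check runs offline.
CONFIG = """\
time-range http
 absolute start 0:00 1 December 2002 end 23:59 31 December 2002
 periodic Saturday 7:00 to Sunday 22:00
"""

def _minute(day, hhmm):
    """Minutes since Monday 00:00 for a day name and hh:mm."""
    h, m = map(int, hhmm.split(":"))
    return DAYS.index(day) * 1440 + h * 60 + m

def parse_time_range(text):
    """Return (start, end, windows) parsed from one time-range block."""
    start = end = None
    windows = []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"absolute(?: start (\S+ \d+ \w+ \d+))?(?: end (\S+ \d+ \w+ \d+))?$", line, re.I)
        if m:
            start, end = (datetime.strptime(g, FMT) if g else None for g in m.groups())
        m = re.match(r"periodic (\w+) (\S+) to (?:(\w+) )?(\S+)$", line, re.I)
        if m:
            d1, t1, d2, t2 = m.groups()
            for day in GROUPS.get(d1.lower(), [d1.lower()]):
                windows.append((_minute(day, t1), _minute((d2 or day).lower(), t2)))
    return start, end, windows

def is_active(when, start, end, windows):
    """True if an ACL entry bound to this time-range is in effect at `when`."""
    # Assumption: the end minute is inclusive (active through hh:mm:59).
    if (start and when < start) or (end and when >= end + timedelta(minutes=1)):
        return False
    if not windows:
        return True  # absolute only: active for the whole span
    now = when.weekday() * 1440 + when.hour * 60 + when.minute
    # Modular comparison handles windows that wrap past Sunday midnight.
    return any((now - lo) % WEEK <= (hi - lo) % WEEK for lo, hi in windows)

if __name__ == "__main__":
    rng = parse_time_range(CONFIG)
    for ts in ("2002-12-07 08:00", "2002-12-09 10:00", "2003-01-04 08:00"):
        print(ts, is_active(datetime.fromisoformat(ts), *rng))
```

On the router itself, `show time-range` reports whether the range is currently active; the result depends on the router's own clock being correct.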
As this shows, the access control lists on Cisco routers bring great convenience to network management. It is worth exploring their functions to make the most of the equipment.
Article entry: csh Editor in charge: csh