In the management of campus network, client access control is an important part. We often use Access-list to control it. If combined with time, it will be more flexible to control it. Cisco has introduced a time-based access table since IOS version 12.0, which can realize the control of a certain time point or time period. For example, our school controls the Internet access period in the "Banbantong" classroom: Web surfing is allowed from 8:00 am to 18:00 pm every weekday, and access to the Internet is prohibited at other times. Implementing a time-based access table requires only two steps: the first step is to define a time range; the second step is to use Time-range to reference the time range just defined in the access table. Let’s introduce in detail how to use it.
1. Define the time range
Defining the time range is divided into two steps.
1. Use the Time-range command to correctly specify the time range.
Format: time-range time-range-name
Time-range-name is used to mark the time range for reference in the access table.
2. Use Absolute or one or more Periodic statements to define a time range. Each time range can only have one Absolute statement, but it can have multiple Periodic statements.
(1) Format: absolute [start time date] [end time date]
Time enters time in hour and minute mode (hh:mm).
Date Enter dates in the form of day, month, and year.
For example: absolute start 8:00 end 18:00
(2) Format: periodic days-of-the-
week hh:mm to [days-of-the-week] hh:mm
Days-of-the-week is effective or several days; the parameter can be a single day (such as Monday) a few days (Monday to Friday) or Daily, Weekday or Weekend.
Daily from Monday to Sunday.
Weekday from Monday to Friday.
Weekend Saturday and Sunday.
For example: from 8:00 am on Saturday to 18:00 pm on Sunday
periodic weekend 8:00 to 18:00
8:00 to 18:00 every day during the week
periodic daily 8:00 to 18:00
From 15:00 on Wednesday to 8:00 on Saturday
periodic wednesday 15:00 to saturday 8:00
2. Use Time-range to reference the time range just defined in the access table
For example: ip access-list 101 permit any any eq 80 time-range time-range-name
Time-range-name is a name defined with Time-range.
III. Example
Purpose: Restrict web surfing on the 192.168.4.0 network, and only allow web access from 7:00 Monday to 18:00 Friday from 1 May 2004 to 31 December 2004.
Interface FastEthernet 0
ip access-grop 101 in
time-range allow-http
absolute start 7:00 1 May 2004 end 18:00 31 December 2004
periodic weekday 7:00 to 18:00
ip access-list 101 permit tcp 192.168.4.0 0.0.0.255 any eq 80 time-range allow-http
The last statement applies the time range named Allow-http to the extended IP access table, allowing only web surfing that meets the time range. Of course, we can also control other aspects, it depends on your needs.
In fact, as the most important device at the network layer, routers provide us with many means to control and maintain the network. Time-based access tables can not only control network access, but also control data traffic in a certain time period. As long as we perform our imagination, we can achieve many functions.
Article entry: csh Editor in charge: csh