RE: TIME RANGE ACCESS-LISTS

From: mani poopal (mani_ccie@yahoo.com)
Date: Fri Feb 11 2005 - 16:52:02 GMT-3

Hi Scott/Edward/Lee,
 
Thanks for the response , I think if they specify after hours weekdays, you have to write 2 statements as follows(5.00PM to following day 8.00AM)
time HTTP
periodic weekdays 17:00 to 23:59<--Is this means starting time after and including 17:00:01(not 17:00:00) because there can be another access up to 5.00PM(8:00-16:59)
periodic weekdays 0:00 to 7:59
 
thanks
 
Mani

"Edwards, Andrew M" <andrew.m.edwards@boeing.com> wrote:
Mani,

Time-range with the ending time such that whatever time you specify is
one minute before the requested time. Why? Because the time range
value ending time is valid until one minute after the time speficied.
IOS will tell you that if you do "periodic 00:00 to ?"

So...assuming "afterhours means 5PM to 8AM": (but I'd ask proctor)

Time-range telnet
periodic weekdays 8:00 to 16:59 <- valid until ONE minute AFTER the
specified time; till 17:00

time-range HTTP
periodic weekdays 17:00 to 23:59 <- valid until ONE minute AFTER the
specified time; till 0:00
periodic weekdays 0:00 to 7:59 <- valid until ONE minute AFTER the
specified time; until 8AM

HTH,

Andy
-----Original Message-----
From: mani poopal [mailto:mani_ccie@yahoo.com]
Sent: Friday, February 11, 2005 6:46 AM
To: Lee Donald; ccielab@groupstudy.com
Subject: RE: TIME RANGE ACCESS-LISTS

Lee,

Your reasoning make sense and may some GS gurus finalise our thinking

thanks

Mani

Lee Donald wrote:
Mani,

I think you have the ending time right but not the starting time.

The way I understand it is as follows,

periodic weekdays 17:00 to 23:59
periodic weekdays 0:00 to 7:59

Time starts at the beginning not at 1 minute on. 1 Minute on is into the
next hour, so it will end at 23:59 because that is the last minute
before the new hour starts. 12:00:01 is within the following hour, and
the first minute of an hour starts at 00:00:01.

I hope that makes sense??

It does to my twisted head.

-----Original Message-----
From: mani poopal [mailto:mani_ccie@yahoo.com]
Sent: 10 February 2005 14:03
To: ccielab@groupstudy.com
Subject: TIME RANGE ACCESS-LISTS

Hi Group,

I have a doubt about time definitions in the time range access-list, pls
look at the following time range access-lists for time specified(A, B
and C) and any feed back is appreciated. ============================

TIME RANGE ACCESS-LISTS:
A.telnet WEEKDAYS FROM 8AM-5PM
B.HTTP AFTER HOURS WEEKDAYS
C.ALL TRAFFIC ON WEEKENDS AT ANY TIME
access-list 101 permit tcp any any eq 23 time-range TELNET access-list
101 permit tcp any any eq www time-range HTTP access-list 101 permit ip
any any time-range ANY time-range ANY periodic weekend 0:00 to
23:59<---ARE THESE RIGHT

time-range TELNET
periodic weekdays 8:00 to 17:00

time-range HTTP
periodic weekdays 17:01 to 23:59<--ARE THESE RIGHT
periodic weekdays 0:01 to 7:59 <--ARE THESE RIGHT

interface Ethernet0
ip access-group 101 out

THANKS

MANI

B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
(416)431 9929
MANI_CCIE@YAHOO.COM

---------------------------------
Do you Yahoo!?
Yahoo! Search presents - Jib Jab's 'Second Term'

This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:19 GMT-3