From: Shaikh, Nasir (Nasir.Shaikh@atosorigin.com)
Date: Sat Feb 19 2005 - 06:30:36 GMT-3
Hi,
A related question:
How are the time-based access-lists checked in the lab? Just the configuration or whether they really work? For these access-lists to work, the clock should be set. If the lab does not require a ntp server to be set do I still need to configure that? If yes, is there a particular router in the lab that I should use as a server?
thanks
Nasir
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
mani poopal
Sent: vrijdag 11 februari 2005 20:52
To: Edwards, Andrew M; Lee Donald; ccielab@groupstudy.com
Subject: RE: TIME RANGE ACCESS-LISTS
Hi Scott/Edward/Lee,
Thanks for the response , I think if they specify after hours weekdays, you have to write 2 statements as follows(5.00PM to following day 8.00AM)
time HTTP
periodic weekdays 17:00 to 23:59<--Is this means starting time after and including 17:00:01(not 17:00:00) because there can be another access up to 5.00PM(8:00-16:59)
periodic weekdays 0:00 to 7:59
thanks
Mani
"Edwards, Andrew M" <andrew.m.edwards@boeing.com> wrote:
Mani,
Time-range with the ending time such that whatever time you specify is
one minute before the requested time. Why? Because the time range
value ending time is valid until one minute after the time speficied.
IOS will tell you that if you do "periodic 00:00 to ?"
So...assuming "afterhours means 5PM to 8AM": (but I'd ask proctor)
Time-range telnet
periodic weekdays 8:00 to 16:59 <- valid until ONE minute AFTER the
specified time; till 17:00
time-range HTTP
periodic weekdays 17:00 to 23:59 <- valid until ONE minute AFTER the
specified time; till 0:00
periodic weekdays 0:00 to 7:59 <- valid until ONE minute AFTER the
specified time; until 8AM
HTH,
Andy
-----Original Message-----
From: mani poopal [mailto:mani_ccie@yahoo.com]
Sent: Friday, February 11, 2005 6:46 AM
To: Lee Donald; ccielab@groupstudy.com
Subject: RE: TIME RANGE ACCESS-LISTS
Lee,
Your reasoning make sense and may some GS gurus finalise our thinking
thanks
Mani
Lee Donald wrote:
Mani,
I think you have the ending time right but not the starting time.
The way I understand it is as follows,
periodic weekdays 17:00 to 23:59
periodic weekdays 0:00 to 7:59
Time starts at the beginning not at 1 minute on. 1 Minute on is into the
next hour, so it will end at 23:59 because that is the last minute
before the new hour starts. 12:00:01 is within the following hour, and
the first minute of an hour starts at 00:00:01.
I hope that makes sense??
It does to my twisted head.
-----Original Message-----
From: mani poopal [mailto:mani_ccie@yahoo.com]
Sent: 10 February 2005 14:03
To: ccielab@groupstudy.com
Subject: TIME RANGE ACCESS-LISTS
Hi Group,
I have a doubt about time definitions in the time range access-list, pls
look at the following time range access-lists for time specified(A, B
and C) and any feed back is appreciated. ============================
TIME RANGE ACCESS-LISTS:
A.telnet WEEKDAYS FROM 8AM-5PM
B.HTTP AFTER HOURS WEEKDAYS
C.ALL TRAFFIC ON WEEKENDS AT ANY TIME
access-list 101 permit tcp any any eq 23 time-range TELNET access-list
101 permit tcp any any eq www time-range HTTP access-list 101 permit ip
any any time-range ANY time-range ANY periodic weekend 0:00 to
23:59<---ARE THESE RIGHT
time-range TELNET
periodic weekdays 8:00 to 17:00
time-range HTTP
periodic weekdays 17:01 to 23:59<--ARE THESE RIGHT
periodic weekdays 0:01 to 7:59 <--ARE THESE RIGHT
interface Ethernet0
ip access-group 101 out
THANKS
MANI
B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
(416)431 9929
MANI_CCIE@YAHOO.COM
---------------------------------
Do you Yahoo!?
Yahoo! Search presents - Jib Jab's 'Second Term'
This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:23 GMT-3