Re: Time Range ACLs - 17:59 or 18:00 ???

From: Marvin Greenlee (marvingreenlee@yahoo.com)
Date: Tue May 30 2006 - 00:17:01 ART


The time-range looks at hours and minutes, and doesn't
look at seconds.

So a time range ending at 17:59 is active until
17:59:59, and a time-range ending at 18:00 is active
until 18:00:59.

Standard Lab rules apply - when in doubt, lab it up.

Set a time-range, and alternate between 'show clock'
and 'show time-range' to see when it is no longer
active.

There are also some interesting behaviors regarding
"end of day" and "end of week". Depending on IOS
version, you may be better off setting:

periodic weekday 18:00 to 11:59
periodic weekday 00:00 to 05:59

--- darbyweaver@yahoo.com wrote:

> I was wondering what the general consensus was with
> regard to Time-Range ACLs.
>
> If I wanted to do the following:
>
> Don't permit ftp traffic during weekdays from 18:00
> to 06:00.
>
> conf t
> ip access-list extended FTP_TOD
> deny tcp any any eq www time-range FTP_DAYS
> permit ip any any
> exit
>
> time-range FTP_DAYS
> periodic weekday 18:00 to 05:59
> exit
>
> int F0/0
> ip access-group FTP_TOD in
>
>
> or would be this be more accurate:
>
> conf t
> ip access-list extended FTP_TOD
> deny tcp any any eq www time-range FTP_DAYS
> permit ip any any
> exit
>
> time-range FTP_DAYS
> periodic weekday 18:00 to 06:00
> exit
>
> int F0/0
> ip access-group FTP_TOD in
>
>
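
Added example, not part of the original thread: a small Python model of the rule stated in the reply (only hours and minutes are compared, so the end minute stays active through its :59 second). The function names and the sample entries are constructed for illustration; ranges that cross midnight are rejected because the reply says that behavior depends on IOS version.

```python
import re
from datetime import datetime

# Accepts the "weekday" spelling used in the thread as well as "weekdays".
_PERIODIC = re.compile(
    r"^periodic\s+weekdays?\s+(\d{1,2}):(\d{2})\s+to\s+(\d{1,2}):(\d{2})$"
)


def parse_periodic(line):
    """Return (start, end) as minutes since midnight for one weekday entry."""
    m = _PERIODIC.match(line.strip())
    if not m:
        raise ValueError(f"unsupported entry: {line!r}")
    sh, sm, eh, em = map(int, m.groups())
    if sh > 23 or eh > 23 or sm > 59 or em > 59:
        raise ValueError(f"invalid time in entry: {line!r}")
    start, end = sh * 60 + sm, eh * 60 + em
    if end < start:
        # Crossing midnight is version-dependent per the reply; not modelled.
        raise ValueError("range crosses midnight; split it into two entries")
    return start, end


def is_active(entries, when):
    """True if 'when' falls inside any entry, Monday through Friday."""
    if when.weekday() > 4:  # 5 = Saturday, 6 = Sunday
        return False
    # Seconds are dropped, matching "doesn't look at seconds".
    minute = when.hour * 60 + when.minute
    # The end minute is inclusive: "to 17:59" covers 17:59:00 to 17:59:59.
    return any(s <= minute <= e for s, e in map(parse_periodic, entries))


if __name__ == "__main__":
    # Constructed sample entries; 2006-05-30 was a Tuesday.
    for end in ("17:59", "18:00"):
        entry = [f"periodic weekday 08:00 to {end}"]
        for hms in ((17, 59, 59), (18, 0, 0), (18, 0, 59), (18, 1, 0)):
            t = datetime(2006, 5, 30, *hms)
            print(f"end {end}  {t:%H:%M:%S}  active={is_active(entry, t)}")
```

The printed table shows the one-minute difference between the two endings: an entry ending at 18:00 still matches traffic at 18:00:59.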


