
Time based Access-List

Prerequisite – Access-lists (ACL)
An access-list is used mainly for packet filtering. It is a sequential list of permit and deny conditions: a packet is checked against them in order, the first condition that matches is applied, and no later condition is evaluated. Every access-list also ends with an implicit deny, so a list that is meant to let any traffic through must contain at least one permit condition.
There are many types of access-list; a time-based access-list is one whose entries are enforced only during a configured time-range. Configuring one takes three steps:

  1. Define a time-range – first, define a time-range with the time-range command. Inside it, the window is specified with the absolute or periodic keyword.
    absolute: defines a one-off window between a fixed start and a fixed end date and time. For example, to block ICMP traffic to a subnet from a particular Tuesday through the following Friday only, the absolute keyword is used.
    periodic: defines a recurring window. For example, to block ICMP to a subnet every weekday (Monday to Friday), the periodic keyword is used.
  2. Define an access-list – next, define an access-list whose entry references the time-range; that entry is only evaluated while the time-range is active.
  3. Apply the access-list – finally, apply the access-list to an interface with ip access-group, or to the vty lines (line vty) with access-class, as needed.

Configuration –

There is a simple topology in which there is PC1 (ip address 10.1.1.2/24), a router (ip address 10.1.1.1/24 on fa0/0 and 10.1.2.1/24 on fa0/1), PC2 (ip address 10.1.2.2/24) and two switches, Sw1 and Sw2, with all ports in vlan 1. After configuring these, we can see that PC1 is able to ping PC2.

In this scenario, we will define a time-range, reference it from an access-list that denies PC1's pings to PC2, and finally apply that access-list to an interface of the router. A time-based access-list is only as accurate as the router's clock, so it works best with NTP; here we will use the router's local clock.

We can see a router’s clock by command:

router#show clock

Also, we can change the clock time by command:

router#clock set 00:10:00 1 July 2018

Now, we will define time-range first specifying the time we want to block PC1 to ping PC2.

router(config)#time-range time_flow
router(config-time-range)#absolute start 00:15 1 July 2018 end 00:20 1 July 2018

time_flow is the name of the time-range (any name can be given). Entering it moves the router into time-range configuration mode, where the absolute keyword is used here to make the range active from 00:15 to 00:20 on 1 July 2018.

If some scenario requires periodic time-range then it can be shown as:

router(config)#time-range Periodic
router(config-time-range)#periodic weekdays 00:15 to 00:20

Here, Periodic is the name of the time-range. The second command makes it active every weekday (Monday to Friday) from 00:15 to 00:20, so ping will not be allowed from 10.1.1.2 to 10.1.2.2 during that window once the time-range is referenced from an access-list and the access-list is applied to an interface, as described below. Note that 1 July 2018, the date set on the router's clock above, is a Sunday, so this periodic range would not be active on that day.

Next, define an extended access-list named Time_acl that denies ICMP traffic from PC1 to PC2 during the time-range defined above and permits everything else. The source must be PC1's address, 10.1.1.2 (10.1.1.1 is the router's own fa0/0 address and would never match PC1's packets). The permit entry is required because of the implicit deny at the end of the list; without it, the access-list would drop all traffic leaving fa0/1 at all times, not just the pings during the window.

router(config)#ip access-list extended Time_acl
router(config-ext-nacl)#deny icmp host 10.1.1.2 host 10.1.2.2 time-range time_flow
router(config-ext-nacl)#permit ip any any

Now, apply this access-list to interface fa0/1 of the router in the outbound direction, so that traffic heading towards PC2 is filtered during the time-range (time_flow). Applying it inbound on fa0/0 would filter the same PC1-to-PC2 traffic in this topology.

router(config)#int fa0/1
router(config-if)#ip access-group Time_acl out

Once this is applied, PC1 will not be able to ping 10.1.2.2 during the time-range defined by us, while pings outside the window and other traffic between the two PCs still pass.
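To make the first-match, implicit-deny and time-range semantics concrete, the following is an added example (not code from the original article) that models how the router evaluates Time_acl, written in Python. The topology addresses and the two time-ranges are taken from the article; the sample packets, the helper names (host, evaluate, decide, time_acl) and the inclusive, minute-granularity comparison of times are assumptions of the model, not statements about IOS internals.

```python
"""Model of Cisco IOS time-based ACL evaluation (added example, not from the article).

Reproduces the article's topology (PC1 10.1.1.2 -> PC2 10.1.2.2, ACL applied
outbound on fa0/1) and the rules the text describes: top-down first match, an
implicit deny at the end, and an ACE bound to a time-range that is skipped
while the range is inactive. Times are compared at minute granularity with
inclusive bounds; that is a modelling assumption, not IOS behaviour.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

WEEKDAYS = {0, 1, 2, 3, 4}          # datetime.weekday(): Monday=0 .. Friday=4
ANY = ip_network("0.0.0.0/0")       # the IOS 'any' keyword


def host(addr: str) -> IPv4Network:
    """Equivalent of the IOS 'host A.B.C.D' keyword (a /32)."""
    return ip_network(f"{addr}/32")


@dataclass
class TimeRange:
    name: str
    absolute: Optional[tuple[datetime, datetime]] = None            # (start, end)
    periodic: list[tuple[set[int], tuple[int, int], tuple[int, int]]] = field(default_factory=list)

    def is_active(self, now: datetime) -> bool:
        """absolute bounds the window; periodic entries, if present, must also match."""
        if self.absolute is not None:
            start, end = self.absolute
            if not (start <= now.replace(second=0, microsecond=0) <= end):
                return False
        if self.periodic:
            hm = (now.hour, now.minute)
            return any(now.weekday() in days and start <= hm <= end
                       for days, start, end in self.periodic)
        return self.absolute is not None   # no statements at all: modelled as inactive (assumption)


@dataclass
class Ace:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches any protocol, otherwise exact match
    src: IPv4Network
    dst: IPv4Network
    time_range: Optional[TimeRange] = None

    def matches(self, pkt: dict, now: datetime) -> bool:
        if self.time_range is not None and not self.time_range.is_active(now):
            return False        # inactive ACE: skipped, evaluation continues with the next line
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        return ip_address(pkt["src"]) in self.src and ip_address(pkt["dst"]) in self.dst


def evaluate(acl: list[Ace], pkt: dict, now: datetime) -> str:
    """Sequential first match; a packet that matches no line hits the implicit deny."""
    for ace in acl:
        if ace.matches(pkt, now):
            return ace.action
    return "deny"


# time-range time_flow / absolute start 00:15 1 July 2018 end 00:20 1 July 2018
TIME_FLOW = TimeRange("time_flow", absolute=(datetime(2018, 7, 1, 0, 15), datetime(2018, 7, 1, 0, 20)))
# time-range Periodic / periodic weekdays 00:15 to 00:20
PERIODIC = TimeRange("Periodic", periodic=[(WEEKDAYS, (0, 15), (0, 20))])


def time_acl(rng: TimeRange, trailing_permit: bool = True) -> list[Ace]:
    """ip access-list extended Time_acl, as applied 'out' on fa0/1."""
    acl = [Ace("deny", "icmp", host("10.1.1.2"), host("10.1.2.2"), rng)]
    if trailing_permit:
        acl.append(Ace("permit", "ip", ANY, ANY))   # without this, the implicit deny wins
    return acl


# Constructed sample packets, not captured traffic.
PING = {"proto": "icmp", "src": "10.1.1.2", "dst": "10.1.2.2"}
SSH = {"proto": "tcp", "src": "10.1.1.2", "dst": "10.1.2.2"}
ROUTER_PING = {"proto": "icmp", "src": "10.1.1.1", "dst": "10.1.2.2"}


def decide(acl: list[Ace], pkt: dict, when: str) -> str:
    """Evaluate pkt against acl at the router clock time 'YYYY-MM-DD HH:MM'."""
    return evaluate(acl, pkt, datetime.strptime(when, "%Y-%m-%d %H:%M"))


if __name__ == "__main__":
    acl = time_acl(TIME_FLOW)
    for when in ("2018-07-01 00:10", "2018-07-01 00:17", "2018-07-01 00:25"):
        print(when, "ping:", decide(acl, PING, when), " tcp:", decide(acl, SSH, when))
    print("deny line only, 00:10 ping:", decide(time_acl(TIME_FLOW, False), PING, "2018-07-01 00:10"))
    print("source 10.1.1.1 instead of PC1, 00:17 ping:", decide(acl, ROUTER_PING, "2018-07-01 00:17"))
    # 1 July 2018 is a Sunday, so the 'weekdays' range is inactive at the same clock time
    print("Periodic, Sun 00:17:", decide(time_acl(PERIODIC), PING, "2018-07-01 00:17"),
          " Mon 00:17:", decide(time_acl(PERIODIC), PING, "2018-07-02 00:17"))
```

Running it shows the ping denied only between 00:15 and 00:20 on 1 July 2018, TCP to the same host permitted throughout, everything dropped when the trailing permit is omitted, a deny line written against 10.1.1.1 never matching PC1, and the periodic range inactive on that date because it is a Sunday. On the router itself, show time-range and show access-lists report each time-range-bound entry as active or inactive, which is the quick check that the clock and the range agree.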
