What are Time-based ACLs?
Time-based ACLs are types of control lists that allow for network access based on time or day. Its function is similar to that of the extended ACLs. Time-based ACLs is implemented by creating a time range that defines specific times of the day and week.
This time range created have to be identified with a specific name and then refer to it by a function. The time restrictions are imposed on the function itself.
Time-based ACLs are especially useful when you want to place restriction(s) on inbound or outbound traffic based on the time of day.
For example, you might apply time-based ACLs if you wanted to only allow access to the Internet during a particular time of the day or allow access to a particular server only during work hours. The time range relies on the router system clock.
The feature works best with Network Time Protocol (NTP) synchronization, but the router clock can be used.
Advantages of Time-based ACLs.
Time-based ACLs have many advantages, such as:
It offers the network administrator more control over permitting or denying access to resources.
Allows a network administrator to control logging messages. ACL entries can log traffic at certain times of the day, but not constantly. Therefore, administrators can simply deny access without analyzing the many logs that are generated during peak hours.
Time Based ACL Configuration Example
The following example shows the steps that are required. In the example, a Telnet connection is permitted from the inside network to the outside network on Monday, Wednesday, and Friday during business hours.
Step-by-Step Configuration of Time-base ACLs
Define the time range to implement the ACL and give it a name-EVERYOTHERDAY, in this case.
R3(config-time-range)#periodic Monday Wednesday Friday 9.00 to 17.00
Apply the time range to the ACL.
R3(config)#access-list 101 permit tcp 192.168.2.0 0.0.0.255 any eq telnet time-range WEBNETDAY
Apply the ACL to the interface.
R3(config-if)#ip access-group 101 out
Dynamic or Lock-and-Key ACLs
Creating and Configuring Standard ACLs