Time Based ACLs Explained

By | 9th November 2015

What are Time-based ACLs?

Time-based ACLs are access control lists that permit or deny network access based on the time of day or the day of the week. They function much like extended ACLs. A time-based ACL is implemented by creating a time range that defines specific times of the day and week.

The time range must be identified by a specific name, and a function then refers to it by that name. The time restrictions are imposed on the function itself.

Time-based ACLs are especially useful when you want to place restrictions on inbound or outbound traffic based on the time of day.

For example, you might apply time-based ACLs if you wanted to only allow access to the Internet during a particular time of the day or allow access to a particular server only during work hours. The time range relies on the router system clock.

The feature works best with Network Time Protocol (NTP) synchronization, but the router clock can be used.




Advantages of Time-based ACLs

Time-based ACLs have many advantages, such as:

They give the network administrator more control over permitting or denying access to resources.
They allow a network administrator to control logging messages. ACL entries can log traffic at certain times of the day, but not constantly. Therefore, administrators can simply deny access without analyzing the many logs that are generated during peak hours.

Time Based ACL Configuration Example

The following example shows the steps that are required. In the example, a Telnet connection is permitted from the inside network to the outside network on Monday, Wednesday, and Friday during business hours.

Figure: Time-based ACLs




Step-by-Step Configuration of Time-based ACLs

Step 1.

Define the time range to implement the ACL and give it a name: WEBNETDAY, in this case.

R3#config t

R3(config)#time-range WEBNETDAY

R3(config-time-range)#periodic Monday Wednesday Friday 9:00 to 17:00

Step 2.

Apply the time range to the ACL.

R3(config)#access-list 101 permit tcp 192.168.2.0 0.0.0.255 any eq telnet time-range WEBNETDAY

Step 3.

Apply the ACL to the interface.

R3(config)#interface s0/0/0

R3(config-if)#ip access-group 101 out
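
The three steps above can be checked offline before the ACL goes live. The following is an added example, not code from the original article or from Cisco: a small Python audit that parses a saved configuration, reports whether a named time range covers a given moment, and flags ACL entries that reference a time range nobody defined as well as a missing NTP source. The function names, the NTP address and the second ACL entry are assumptions made for the illustration, and only the "periodic <days> hh:mm to hh:mm" form is handled.

```python
import re
from datetime import datetime, time

# Constructed sample: the article's commands plus an assumed NTP server (192.0.2.10,
# a documentation address) and a made-up ACE referencing an undefined time range.
SAMPLE = """\
ntp server 192.0.2.10
time-range WEBNETDAY
 periodic Monday Wednesday Friday 9:00 to 17:00
access-list 101 permit tcp 192.168.2.0 0.0.0.255 any eq telnet time-range WEBNETDAY
access-list 101 permit tcp 192.168.2.0 0.0.0.255 any eq www time-range EVERYOTHERDAY
"""

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
GROUPS = {"daily": DAYS, "weekdays": DAYS[:5], "weekend": DAYS[5:]}

def parse_time_ranges(config):
    """Return {name: [(weekday_indexes, start, end), ...]} for periodic entries."""
    ranges, current = {}, None
    for line in config.splitlines():
        head = re.match(r"time-range (\S+)", line)
        per = re.match(r"\s+periodic (.+?) (\d+):(\d+) to (\d+):(\d+)$", line)
        if head:
            current = ranges.setdefault(head.group(1), [])
        elif per and current is not None:
            words = per.group(1).lower().split()
            days = {DAYS.index(d) for w in words for d in GROUPS.get(w, [w])}
            h1, m1, h2, m2 = map(int, per.groups()[1:])
            current.append((days, time(h1, m1), time(h2, m2)))
        elif not line.startswith(" "):
            current = None  # left the time-range block
    return ranges

def is_active(ranges, name, when):
    """True if a periodic entry covers `when`; end minute inclusive (assumption)."""
    now = when.time().replace(second=0, microsecond=0)
    return any(when.weekday() in d and s <= now <= e for d, s, e in ranges.get(name, []))

def audit(config):
    """Flag ACEs whose time range is undefined, and a missing NTP source."""
    used = set(re.findall(r"^access-list .* time-range (\S+)", config, re.M))
    findings = [f"undefined time-range: {n}"
                for n in sorted(used - set(parse_time_ranges(config)))]
    if not re.search(r"^ntp server ", config, re.M):
        findings.append("no ntp server: time ranges follow the unsynchronized router clock")
    return findings

if __name__ == "__main__":
    print(is_active(parse_time_ranges(SAMPLE), "WEBNETDAY", datetime(2015, 11, 9, 10, 30)))
    print(audit(SAMPLE))
```
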
