Step 1 |
enable
Example:
|
Enables privileged EXEC mode.
|
Step 2 |
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3 |
time-range time-range-name
Example:
Router(config)# time-range limit_http
|
Defines a time range and enters time-range configuration mode.
The name cannot contain a space or quotation mark, and must begin with a letter.
Multiple time ranges can occur in a single access list.
|
Step 4 |
periodic days-of-the-week hh:mm to [days-of-the-week] hh:mm
Example:
Router(config-time-range)# periodic Monday 6:00 to Wednesday 19:00
|
(Optional) Specifies a recurring (weekly) time range.
The first occurrence of days-of-the-week is the starting day or days of the week on which the associated time range is in effect. The second occurrence is the ending day or days of the week on which the associated statement is in effect.
The days-of-the-week argument can be any single day or combination of days: Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, and Sunday. Other possible values are:
- daily--Monday through Sunday
- weekdays--Monday through Friday
- weekend--Saturday and Sunday
If the ending days of the week are the same as the starting days of the week, they can be omitted.
The first occurrence of hh:mm is the starting hours:minutes that the associated time range is in effect. The second occurrence is the ending hours:minutes the associated statement is in effect.
The hours:minutes are expressed in a 24-hour clock. For example, 8:00 is 8:00 a.m. and 20:00 is 8:00 p.m.
|
Step 5 |
Repeat Step 4 if you want more than one period of time applied to an access list statement.
|
(Optional) Multiple periodic commands are allowed in a time range.
|
Step 6 |
absolute [start time date] [end time date]
Example:
Router(config-time-range)# absolute start 6:00 1 August 2005 end 18:00 31 October 2005
|
(Optional) Specifies an absolute time when a time range is in effect.
Only one absolute command is allowed in a time range.
The time is expressed in 24-hour notation, in the form of hours:minutes. For example, 8:00 is 8:00 a.m. and 20:00 is 8:00 p.m. The date is expressed in the format day month year. The minimum start is 00:00 1 January 1993. If no start time and date are specified, the permit or deny statement is in effect immediately.
The end time and date are the absolute time and date at which the permit or deny statement of the associated access list is no longer in effect. They use the same time and date format as described for the start keyword. The end time and date must be after the start time and date. The maximum end time is 23:59 31 December 2035. If no end time and date are specified, the associated permit or deny statement is in effect indefinitely.
|
Step 7 |
exit
Example:
Router(config-time-range)# exit
|
Exits to the next highest mode.
|
Step 8 |
Repeat Steps 3 through 7 if you want different time ranges to apply to permit or deny statements.
|
--
|
Step 9 |
ip access-list extended name
Example:
Router(config)# ip access-list extended autumn
|
Defines an extended IP access list using a name and enters extended named access list configuration mode.
|
Step 10 |
deny protocol source [source-wildcard] destination [destination-wildcard] [option option-name] [precedence precedence] [tos tos] [established] [log | log-input] time-range time-range-name
Example:
Router(config-ext-nacl)# deny tcp 172.16.22.23 any eq http time-range limit_http
|
(Optional) Denies any packet that matches all of the conditions specified in the statement.
Specify the time range you created in Step 3.
In this example, one host is denied HTTP access during the time defined by the time range called “limit_http.”
|
Step 11 |
permit protocol source [source-wildcard] destination [destination-wildcard] [option option-name] [precedence precedence] [tos tos] [established] [log | log-input] time-range time-range-name
Example:
Router(config-ext-nacl)# permit tcp any any eq http time-range limit_http
|
Permits any packet that matches all of the conditions specified in the statement.
You can specify the time range you created in Step 3 or in a different instance of Step 3, depending on whether you want the time ranges for your statements to be the same or different.
In this example, all other sources are given access to HTTP during the time defined by the time range called “limit_http.”
|
Step 12 |
Optionally repeat some combination of Steps 10 and 11 until you have specified the values on which you want to base your access list.
|
--
|
Step 13 |
end
Example:
Router(config-ext-nacl)# end
|
Ends configuration mode and returns the system to privileged EXEC mode.
|
Step 14 |
show ip access-list
Example:
Router# show ip access-list
|
(Optional) Displays the contents of all current IP access lists.
|
Step 15 |
show time-range
Example:
|
(Optional) Displays the time ranges that are set.
|
Step 16 |
show time-range ipc
Example:
Router# show time-range ipc
|
(Optional) Displays the statistics about the time-range IPC messages between the Route Processor and line card on the Cisco 7500 series router.
|
Step 17 |
clear time-range ipc
Example:
Router# clear time-range ipc
|
(Optional) Clears the time-range IPC message statistics and counters between the Route Processor and line card on the Cisco 7500 series router.
|
Step 18 |
debug time-range ipc
Example:
Router# debug time-range ipc
|
(Optional) Enables debugging output for monitoring the time-range IPC messages between the Route Processor and line card on the Cisco 7500 series router.
|
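When reviewing a time-based access list, it helps to check offline at which moments a time range, and therefore every permit or deny statement that references it, is actually in effect. The following Python sketch is an added example, not Cisco code: it parses the periodic and absolute lines from Steps 4 and 6 and evaluates them against a given date and time. Assumptions: the absolute bounds limit when the periodic entries apply, end times are inclusive to the minute, and only the periodic forms shown in Step 4 (ending days omitted, or one starting day and one ending day) are supported; parse_time_range and is_active are names made up for this example.

```python
import re
from datetime import datetime

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]
GROUPS = {"daily": DAYS, "weekdays": DAYS[:5], "weekend": DAYS[5:]}

def _minutes(hhmm):
    hours, minutes = hhmm.split(":")
    return int(hours) * 60 + int(minutes)

def _days(words):
    names = [d for w in words for d in GROUPS.get(w.lower(), [w.capitalize()])]
    return [DAYS.index(d) for d in names]  # Monday = 0, as in datetime.weekday()

def parse_time_range(lines):
    """Parse periodic/absolute lines into (weekly windows, abs start, abs end)."""
    windows, bounds = [], {"start": None, "end": None}
    for line in lines:
        words = line.split()
        if words[0] == "periodic":
            to = words.index("to")
            s, e = _minutes(words[to - 1]), _minutes(words[-1])
            sdays, edays = _days(words[1:to - 1]), _days(words[to + 1:-1])
            if not edays and s <= e:      # ending days omitted: same day(s)
                windows += [(d * 1440 + s, d * 1440 + e) for d in sdays]
            elif len(sdays) == 1 and len(edays) == 1:   # one span across days
                windows.append((sdays[0] * 1440 + s, edays[0] * 1440 + e))
            else:
                raise ValueError("unsupported periodic form: " + line)
        elif words[0] == "absolute":
            for key in bounds:
                m = re.search(key + r" (\d+:\d+ \d+ \w+ \d+)", line)
                if m:
                    bounds[key] = datetime.strptime(m.group(1), "%H:%M %d %B %Y")
    return windows, bounds["start"], bounds["end"]

def is_active(time_range, now):
    """True if the time range is in effect at `now` (minute granularity)."""
    windows, start, end = time_range
    now = now.replace(second=0, microsecond=0)
    if (start and now < start) or (end and now > end):
        return False                      # outside the absolute bounds
    wm = now.weekday() * 1440 + now.hour * 60 + now.minute  # minute of the week
    return not windows or any(
        a <= wm <= b if a <= b else (wm >= a or wm <= b) for a, b in windows)

# The limit_http range, built from the page's Step 4 and Step 6 example lines.
LIMIT_HTTP = parse_time_range([
    "periodic Monday 6:00 to Wednesday 19:00",
    "absolute start 6:00 1 August 2005 end 18:00 31 October 2005",
])
```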