Time Based Access Lists
networx
09-20-2007, 08:13 AM
Hello, I have no experience as of yet with Cisco IOS but am considering getting a 1720 router for my home. Can the time-based access lists accomplish the following?
computer1 unlimited access to internet sun - thur 6pm to 8pm
computer2 unlimited access to internet sun - thur 7pm to 9pm
computer3 unlimited access to internet sun - thur 5pm to 8pm
computer4 unlimited access at all times
any computer unlimited access to internet fri 6pm to 10pm
any computer unlimited access to internet sat 6pm to 10pm
any computer access to thiswebsite.com at all times (this one is the one I'm not sure about)
I've read through all the documentation I can find, but it is still unclear whether or not I can accomplish these goals.
Thanks for considering this....
aguilera
09-20-2007, 10:46 AM
The great thing about time based access lists is the flexibility.
One thing to remember regardless of the type of access list you are creating: the order of your Access Control Entries (ACEs) is key!
Let's see,
I would probably do something like this...
permit computer4 access to everything
permit anyone web access to "thiswebsite.com"
permit any web access to anywhere according to time-range for Fri6-10
permit any web access to anywhere according to time-range for Sat6-10
permit cmp1 web access according to time-range for Sun-Thur6-8
permit cmp2 web access according to time-range for Sun-Thur7-9
permit cmp3 web access according to time-range for Sun-Thur5-8
deny anyone access to the web..... I would also put a log statement here *
permit ip any any
It looks to me like you would have to create 5 time ranges.
Each PC should have a static address
Having the IP address of "thiswebsite.com" vs using IP host files or DNS would make things a whole lot easier and avoid costly troubleshooting.
* The reason I would put a log statement in is to see who was violating the policy.
End result... YES, you will be able to accomplish this using an IOS that supports Time Based Access lists.
Todd Lammle wrote a great chapter on access-lists in his new 6th edition CCNA book (Chapter 10). If you don't have a copy you can order one from LammlePress.com
Good luck!
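aguilera's ordering above written out as IOS configuration, as an added example that is not part of the original posts. The host addresses, the address used for thiswebsite.com, the ACL and time-range names and the FastEthernet0 LAN interface are assumptions.

```cisco
! Constructed addressing (assumptions): computer1-4 = 192.168.1.11-.14,
! thiswebsite.com = 203.0.113.10, LAN interface = FastEthernet0.
time-range FRI-EVE
 periodic Friday 18:00 to 22:00
time-range SAT-EVE
 periodic Saturday 18:00 to 22:00
time-range CMP1-SUN-THU
 periodic Sunday Monday Tuesday Wednesday Thursday 18:00 to 20:00
time-range CMP2-SUN-THU
 periodic Sunday Monday Tuesday Wednesday Thursday 19:00 to 21:00
time-range CMP3-SUN-THU
 periodic Sunday Monday Tuesday Wednesday Thursday 17:00 to 20:00
!
! Entries are evaluated top-down and the first match wins,
! so the order below follows the sketch in the post.
ip access-list extended LAN-IN
 remark computer4: everything, at all times
 permit ip host 192.168.1.14 any
 remark anyone: web access to thiswebsite.com at all times
 permit tcp any host 203.0.113.10 eq www
 remark anyone: web access Friday and Saturday evenings
 permit tcp any any eq www time-range FRI-EVE
 permit tcp any any eq www time-range SAT-EVE
 remark per-PC web access Sunday to Thursday
 permit tcp host 192.168.1.11 any eq www time-range CMP1-SUN-THU
 permit tcp host 192.168.1.12 any eq www time-range CMP2-SUN-THU
 permit tcp host 192.168.1.13 any eq www time-range CMP3-SUN-THU
 remark web access outside the windows is denied and logged
 deny tcp any any eq www log
 remark all non-web traffic is unaffected
 permit ip any any
!
! Filter traffic as it enters the router from the LAN.
interface FastEthernet0
 ip access-group LAN-IN in
```

Time ranges are evaluated against the router's own clock, so the clock has to be set correctly (or synchronised with NTP) before the schedule means anything. As in the sketch, only TCP port 80 is time-restricted; the final permit passes everything else at all hours.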
networx
09-20-2007, 09:06 PM
Thanks very much for the information. I currently take care of about 80 customers with small businesses. I'd like to get more familiar with real router management and push for my customers to move that direction and get away from the SOHO routers that they currently have, most of which I installed. They were quite adequate at the time, but as the number of PCs they have in their organization grows, this will be more suited for them. I'm going to get a 1720, probably from eBay, with a 1ENET WIC to get familiar with it. Is the configuration usually through telnet or console? Or is there a GUI as well?
Thanks again.....
aguilera
09-21-2007, 01:59 PM
Wow, I bet your customers keep you busy!
Before you start buying routers, you should evaluate what type of hardware connection your customers have for internet connectivity.
You will find that most SOHO and even medium-sized businesses have an RJ45 connection to the internet.
If you run off and buy a router with 1 ethernet connection and 1 serial connection, it will not do you any good.
1700s are good, but 1800s are the new kid on the block.
If your customers do have a DSL/Cable/Ethernet connection to the internet I would even consider an 800 series router. They rock. Some even come with built in Wireless capabilities.
Ok, back to your question....
All standalone routers will give you some type of console access. Once you do some minimum configurations on your routers then you will be able to telnet or ssh to the router for remote access. Newer IOSs have the SDM (Security Device Manager). This is a GUI that allows you to configure, troubleshoot and manage the router using a secure HTTP connection.
Are you working with a Cisco Partner who can help you out with available products for your customers?
If not, send me a private message with your contact info and I can get you hooked up with some product documentation. I will also give you a list of the used routers and switches we have here in stock that you might consider purchasing instead of going to eBay.
Good luck!
aguilera
09-21-2007, 02:35 PM
As I was working on another project something came to mind about what you might want to suggest to your customers...
Have you considered using a PIX or ASA versus a Router?
PIX and ASAs are pretty powerful devices.
So many options right...
Let me know how I can help!