newbie
03-09-2008, 04:37 AM
Hello Mr. Lammle,
Correct me if I'm wrong but I think the configuration of the time based access control list on page 637 is missing one command.
Corp#config t
Corp(config)#time-range no-http
Corp(config-time-range)#periodic we?
Wednesday weekdays weekend
Corp(config-time-range)#periodic weekend ?
hh:mm Starting time
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit
Corp(config)#time-range tcp-yes
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit
Corp(config)#ip access-list extended Time
Corp(config-ext-nacl)#deny tcp any any eq www time-range no-http
Corp(config-ext-nacl)#permit tcp any any time-range tcp-yes
Corp(config-ext-nacl)#permit ip any any
Corp(config-ext-nacl)#interface f0/0
Corp(config-if)#ip access-group Time indeny tcp any any eq www time-range no-httpThis command with deny http access from 06:00 to 12:00
permit tcp any any time-range tcp-yesThis command will permit tcp access from 06:00 to 12:00
After these 2 commands there is an implicit "deny any", so all traffic will be denied between 12:01 to 05:59, unless we add a "permit ip any any" at the end
Also, is it not possible to use just one time-range like so..
Corp#config t
Corp(config)#time-range no-http
Corp(config-time-range)#periodic we?
Wednesday weekdays weekend
Corp(config-time-range)#periodic weekend ?
hh:mm Starting time
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit
Corp(config)#ip access-list extended Time
Corp(config-ext-nacl)#deny tcp any any eq www time-range no-http
Corp(config-ext-nacl)#permit tcp any any time-range no-http
Corp(config-ext-nacl)#permit ip any any ???
Corp(config-ext-nacl)#interface f0/0
Corp(config-if)#ip access-group Time inI'm using CCNA Study Guide, 6th edition.
ISBN 10:81-265-1463-9
13:978-81-265-1463-2
Correct me if I'm wrong but I think the configuration of the time based access control list on page 637 is missing one command.
Corp#config t
Corp(config)#time-range no-http
Corp(config-time-range)#periodic we?
Wednesday weekdays weekend
Corp(config-time-range)#periodic weekend ?
hh:mm Starting time
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit
Corp(config)#time-range tcp-yes
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit
Corp(config)#ip access-list extended Time
Corp(config-ext-nacl)#deny tcp any any eq www time-range no-http
Corp(config-ext-nacl)#permit tcp any any time-range tcp-yes
Corp(config-ext-nacl)#permit ip any any
Corp(config-ext-nacl)#interface f0/0
Corp(config-if)#ip access-group Time indeny tcp any any eq www time-range no-httpThis command with deny http access from 06:00 to 12:00
permit tcp any any time-range tcp-yesThis command will permit tcp access from 06:00 to 12:00
After these 2 commands there is an implicit "deny any", so all traffic will be denied between 12:01 to 05:59, unless we add a "permit ip any any" at the end
Also, is it not possible to use just one time-range like so..
Corp#config t
Corp(config)#time-range no-http
Corp(config-time-range)#periodic we?
Wednesday weekdays weekend
Corp(config-time-range)#periodic weekend ?
hh:mm Starting time
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit
Corp(config)#ip access-list extended Time
Corp(config-ext-nacl)#deny tcp any any eq www time-range no-http
Corp(config-ext-nacl)#permit tcp any any time-range no-http
Corp(config-ext-nacl)#permit ip any any ???
Corp(config-ext-nacl)#interface f0/0
Corp(config-if)#ip access-group Time inI'm using CCNA Study Guide, 6th edition.
ISBN 10:81-265-1463-9
13:978-81-265-1463-2