Timed Access List Options
Option Meaning
Periodic Specifies how the time range will act or be created, allowing
specific time values to be set
hh:mm Specifies time values for when the range will start and stop on
specific days
Here is an example of the time-based ACL’s:
Corp#config t
Corp(config)#time-range no-http
Corp(config-time-range)#periodic we?
Wednesday weekdays weekend
Corp(config-time-range)#periodic weekend ?
hh:mm Starting time
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit
Corp(config)#time-range tcp-yes
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit
Corp(config)#ip access-list extended Time
Corp(config-ext-nacl)#deny tcp any any eq www time-range no-http
Corp(config-ext-nacl)#permit tcp any any time-range tcp-yes
Corp(config-ext-nacl)#interface f0/0
Corp(config-if)#ip access-group Time in
Corp(config-if)#do show time-range
time-range entry: no-http (inactive)
periodic weekdays 8:00 to 15:00
used in: IP ACL entry
time-range entry: tcp-yes (inactive)
periodic weekend 8:00 to 13:00
used in: IP ACL entry
Corp(config-if)#
The time-range command is pretty flexible and will drive users crazy if you deny them
access to basic network access or the Internet during off-hours. Be careful with the previous
commands; make sure you test your list on a nonproduction network before you implement
the lists on your production network.