Monday, January 3, 2011

【 Weak current College 】 Implementing scheduled network access for users on a router -- Powered by 【 China power house network 】


I. Preface

As networks develop and user requirements change, Cisco routers have, starting with Cisco IOS 12.0, added time-based access lists. With them you can control the forwarding of network packets according to the time of day, the day of the week, or a combination of both, and so implement network security.

II. Usage method

A time-based access list adds a valid time range to the original standard and extended access lists, giving more reasonable and effective control of the network. You first define a time range and then apply it in the various access lists. It applies to both numbered access lists and named access lists.

III. Usage rules

Use the time-range command to name the time range, and then define it with the absolute command or with one or more periodic commands. IOS command format:

time-range time-range-name
absolute [start time date] [end time date]
periodic days-of-the-week hh:mm to [days-of-the-week] hh:mm

Each command and parameter is described below.

time-range: the command used to define a time range.

time-range-name: the name of the time range, used to identify it so that subsequent access lists can reference it.

absolute: this command specifies an absolute time range. It is followed by the two keywords start and end. The time after each keyword is in 24-hour hh:mm (hours:minutes) format, and the date is written as day/month/year. Both keywords can be omitted. If you omit start and the time after it, the associated permit or deny statement takes effect immediately and stays in effect until the end time; if you omit end and the time after it, the associated permit or deny statement takes effect at the start time and never expires, although of course it stops working if the access list is deleted.

periodic: a command that defines a time span with days of the week as parameters. Its parameter is one or a combination of Monday, Tuesday, Wednesday, Thursday, Friday, Saturday and Sunday, or it can be daily (every day), weekdays (Monday to Friday) or weekend (Saturday). Note: a time range can have only one absolute statement, but it can have several periodic statements. Now let's look at a few examples.

(1) To specify from 8 in the morning to 5 in the evening every day, you can use this statement (the absolute command needs a date after each time, so a daily window is written with periodic):

periodic daily 8:00 to 17:00

(2) To make an access list take effect at 1:00 on 1 January 2003 and stop working at 24:00 on 31 January 2003, the statement is as follows (IOS accepts times only up to 23:59, so the end time is entered as 23:59):

absolute start 1:00 1 January 2003 end 23:59 31 January 2003

(3) Every Monday to Friday, from 9 in the morning to 10:30 at night:

periodic weekdays 9:00 to 22:30

We now know how to define a time range, so we can use a time-based access list to implement network security control instead of running to the office at midnight to delete the access list. For network administrators this is a good thing. Let's see how this kind of time-based access list is applied in practice.

[Figure: a router whose Ethernet interface E0 connects through a switch to the 192.168.1.0 subnet, whose Ethernet interface E1 connects through a switch to the 192.168.2.0 subnet, and whose serial interface S1 connects to the Internet.]

IV. Application example

In the network shown in the figure above, the router has two Ethernet interfaces, E0 and E1, connected to the two subnets 192.168.1.0 and 192.168.2.0. There is also a serial port, S1, connected to the Internet. Employees on the 192.168.1.0 subnet must not be able to browse the Web during working hours (Monday through Friday, 8 in the morning to 5 in the evening); only outside working hours may they access the Internet through the company network (so you don't have to worry about somebody sneaking in a chat during work time). Employees on the 192.168.2.0 subnet have no Internet access restrictions. We can write the following time-based access control list to implement this:

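Router#config t
! enter interface configuration mode
Router(config)#interface ethernet 0
Router(config-if)#ip access-group 101 in
Router(config-if)#time-range http
Router(config-time-range)#periodic weekdays 8:00 to 17:00
! deny Web traffic while the time range http is active, permit everything else
Router(config-time-range)#access-list 101 deny tcp any any eq 80 time-range http
Router(config)#access-list 101 permit ip any any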

We only need a single extended access list combined with a time range to achieve the goal. Because the Web access protocol has to be controlled, an extended list must be used, that is, one with a number between 100 and 199. In the fourth command we name the time range http, so that the access list statement can conveniently reference it.

With the method above, we can easily use the router's time-based access control lists to control internal network users' access to the Internet, and so effectively protect our internal network.
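
The rules from section III, as an added Python example (not part of the original article and not Cisco code): a small model that parses the absolute and periodic statements of one time range and reports whether an access list entry referencing it is in effect at a given moment. It covers single day names, daily and weekdays with same-day windows; the function names are hypothetical, and treating the boundary minutes as inclusive is an assumption of this sketch.

```python
from datetime import datetime

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]
GROUPS = {"daily": range(7), "weekdays": range(5)}  # keywords used in the examples

def _minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def _when(hhmm, day, month, year):
    # IOS order: hh:mm day month year, e.g. "1:00 1 January 2003"
    return datetime(int(year), MONTHS.index(month) + 1, int(day), *divmod(_minutes(hhmm), 60))

def parse_time_range(lines):
    """Parse the absolute/periodic statements of one time-range block."""
    start = end = None
    periodic = []  # (set of weekday numbers, first minute, last minute)
    for line in lines:
        tok = line.lower().split()
        if tok[0] == "absolute":
            if "start" in tok:
                i = tok.index("start")
                start = _when(*tok[i + 1:i + 5])
            if "end" in tok:
                i = tok.index("end")
                end = _when(*tok[i + 1:i + 5])
        elif tok[0] == "periodic":
            to = tok.index("to")
            days = set()
            for d in tok[1:to - 1]:
                days |= set(GROUPS[d]) if d in GROUPS else {DAYS.index(d)}
            periodic.append((days, _minutes(tok[to - 1]), _minutes(tok[to + 1])))
    return start, end, periodic

def is_active(time_range, now):
    """True if an ACL entry referencing this range is in effect at `now`."""
    start, end, periodic = time_range
    if (start and now < start) or (end and now > end):
        return False  # outside the absolute window: periodic is not consulted
    if not periodic:
        return True   # absolute only: in effect for the whole window
    minute = now.hour * 60 + now.minute
    return any(now.weekday() in days and lo <= minute <= hi  # inclusive: assumption
               for days, lo, hi in periodic)

# Constructed input: the "http" time range from section IV.
HTTP_RANGE = parse_time_range(["periodic weekdays 8:00 to 17:00"])
```

On the router the range is evaluated against the router's own system clock, so `now` here stands in for that clock; a router whose clock is wrong enforces the list at the wrong times.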
