Owner's Manual

Configuring Access Control Lists
Configuring a Time-Based ACL
The following example configures an ACL that denies HTTP traffic from 8:00
am to 12:00 pm and 1:00 pm to 6:00 pm on weekdays and from 8:30 am to
12:30 pm on weekends. The ACL affects all hosts connected to ports that are
members of VLAN 100. As a result, VLAN 100 members can browse the
Internet only during lunch and after hours.
To configure the switch:
1 Create a time range called work-hours.
console#config
console(config)#time-range work-hours
2 Configure an entry for the time range that applies to the morning shift
Monday through Friday.
console(config-time-range)#periodic weekdays 8:00 to 12:00
3 Configure an entry for the time range that applies to the afternoon shift
Monday through Friday.
console(config-time-range)#periodic weekdays 13:00 to 18:00
4 Configure an entry for the time range that applies to Saturday and Sunday.
console(config-time-range)#periodic weekend 8:30 to 12:30
console(config-time-range)#exit
5 Create an ACL named web-limit that denies HTTP traffic during the
work-hours time range.
console(config)#access-list web-limit deny tcp any any eq http time-range work-hours
6 Enter interface configuration mode for VLAN 100 and apply the ACL to
ingress traffic.
console(config)#interface vlan 100
console(config-if-vlan100)#ip access-group web-limit in
console(config-if-vlan100)#exit
console(config)#exit
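
The schedule entered in steps 2 through 4 can be checked off the switch before the ACL is applied. The Python code below is an added example, not part of the manual or of the switch software: it parses the three periodic entries and reports whether the web-limit deny rule would be active at a given timestamp. The names parse_time_range, http_denied and audit are hypothetical, and treating the end of each window as exclusive is an assumption about boundary behavior.

```python
import re
from datetime import datetime, time

# Day keywords as the steps above describe them: weekdays = Mon-Fri, weekend = Sat-Sun.
DAY_SETS = {"weekdays": {0, 1, 2, 3, 4}, "weekend": {5, 6}}

# The three periodic entries from steps 2-4, one command per line.
WORK_HOURS = """\
periodic weekdays 8:00 to 12:00
periodic weekdays 13:00 to 18:00
periodic weekend 8:30 to 12:30
"""

ENTRY = re.compile(r"^periodic\s+(\w+)\s+(\d{1,2}):(\d{2})\s+to\s+(\d{1,2}):(\d{2})$")


def parse_time_range(text):
    """Return (day_set, start, end) tuples; reject entries this model does not cover."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if not m or m.group(1) not in DAY_SETS:
            raise ValueError(f"unsupported time-range entry: {line!r}")
        h1, m1, h2, m2 = (int(g) for g in m.groups()[1:])
        start, end = time(h1, m1), time(h2, m2)
        if start >= end:
            raise ValueError(f"entry does not end after it starts: {line!r}")
        entries.append((DAY_SETS[m.group(1)], start, end))
    return entries


def http_denied(when, entries):
    """True if the time range, and so the deny rule, is active at datetime `when`.

    Assumption: a window includes its start minute and excludes its end minute.
    """
    return any(when.weekday() in days and start <= when.time() < end
               for days, start, end in entries)


def audit(entries, samples):
    """Map each ISO timestamp to 'deny' or 'not matched' for review."""
    return {s: "deny" if http_denied(datetime.fromisoformat(s), entries) else "not matched"
            for s in samples}
```

Calling audit(parse_time_range(WORK_HOURS), [...]) with timestamps at the edges of each window (start of shift, lunch, end of day, weekend morning) shows whether the entries match the intended policy. "not matched" only means the deny rule is inactive; what happens to the traffic then depends on the rest of the ACL.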