A time-based access list is a type of access list that permits or denies
network access on the basis of a given time period. It is useful when you want to
place restrictions on outbound or inbound traffic on particular days
and at particular times.
For example, it can be used to block particular
traffic on specific days or during business hours.
A time-based access list is easy to implement and gives an admin good control over network traffic, because traffic can be denied or permitted on the basis of time.
- Configure the topology as per the diagram.
- Configure IP addresses on the ports.
- Configure EIGRP AS 65100 for routing.
- Make sure the PC can communicate with the loopback 0 network (172.16.1.1) before configuring the time-based access list.
- Configure a time-based access list on router 1 and block the PC's ICMP messages to the 172.16.1.1 network.
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface ethernet 6/0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES manual up up
Ethernet6/0 10.1.1.1 YES manual up up
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 4/0
R2(config-if)#ip address 1.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R3(config)#interface serial 4/0
R3(config-if)#ip address 1.1.1.2 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface loopback 0
R3(config-if)#ip address 172.16.1.1 255.255.0.0
R3(config-if)#do show ip int br
Interface IP-Address OK? Method Status Protocol
Serial4/0 1.1.1.2 YES manual up up
Loopback0 172.16.1.1 YES manual up up
{CONFIGURE PC IP ADDRESS WITH DEFAULT GATEWAY}
IP 10.1.1.2 255.0.0.0 10.1.1.1
R1(config)#router eigrp 65100
R1(config-router)#network 192.168.1.0
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#exit
*Feb 15 12:47:49.483: %DUAL-5-NBRCHANGE: EIGRP-IPv4 65100: Neighbor 192.168.1.2 (FastEthernet0/0) is up: new adjacency
R2(config)#router eigrp 65100
R2(config-router)#network 1.0.0.0
R2(config-router)#network 192.168.1.0
R2(config-router)#no auto-summary
*Feb 15 12:47:13.891: %DUAL-5-NBRCHANGE: EIGRP-IPv4 65100: Neighbor 192.168.1.1 (FastEthernet0/0) is up: new adjacency
R2(config-router)#no auto-summary
R2(config-router)#exit
R3(config)#router eigrp 65100
R3(config-router)#network 172.16.0.0
R3(config-router)#network 1.0.0.0
R3(config-router)#no auto-summary
*Feb 15 12:48:24.771: %DUAL-5-NBRCHANGE: EIGRP-IPv4 65100: Neighbor 1.1.1.1 (Serial4/0) is up: new adjacency
R3(config-router)#exit
PC1> ping 10.1.1.1
84 bytes from 10.1.1.1 icmp_seq=1 ttl=255 time=96.577 ms
84 bytes from 10.1.1.1 icmp_seq=2 ttl=255 time=35.450 ms
84 bytes from 10.1.1.1 icmp_seq=3 ttl=255 time=9.170 ms
84 bytes from 10.1.1.1 icmp_seq=4 ttl=255 time=5.948 ms
84 bytes from 10.1.1.1 icmp_seq=5 ttl=255 time=5.712 ms
PC1> ping 192.168.1.1
84 bytes from 192.168.1.1 icmp_seq=1 ttl=255 time=12.731 ms
84 bytes from 192.168.1.1 icmp_seq=2 ttl=255 time=5.809 ms
84 bytes from 192.168.1.1 icmp_seq=3 ttl=255 time=7.586 ms
84 bytes from 192.168.1.1 icmp_seq=4 ttl=255 time=14.573 ms
84 bytes from 192.168.1.1 icmp_seq=5 ttl=255 time=14.912 ms
PC1> ping 1.1.1.1
84 bytes from 1.1.1.1 icmp_seq=1 ttl=254 time=32.289 ms
84 bytes from 1.1.1.1 icmp_seq=2 ttl=254 time=26.462 ms
84 bytes from 1.1.1.1 icmp_seq=3 ttl=254 time=28.834 ms
84 bytes from 1.1.1.1 icmp_seq=4 ttl=254 time=32.267 ms
84 bytes from 1.1.1.1 icmp_seq=5 ttl=254 time=27.565 ms
PC1> ping 172.16.1.1
84 bytes from 172.16.1.1 icmp_seq=1 ttl=253 time=86.535 ms
84 bytes from 172.16.1.1 icmp_seq=2 ttl=253 time=44.981 ms
84 bytes from 172.16.1.1 icmp_seq=3 ttl=253 time=39.510 ms
84 bytes from 172.16.1.1 icmp_seq=4 ttl=253 time=49.432 ms
84 bytes from 172.16.1.1 icmp_seq=5 ttl=253 time=52.414 ms
PC1> ping 172.16.1.1
84 bytes from 172.16.1.1 icmp_seq=1 ttl=253 time=50.518 ms
84 bytes from 172.16.1.1 icmp_seq=2 ttl=253 time=49.394 ms
84 bytes from 172.16.1.1 icmp_seq=3 ttl=253 time=39.684 ms
84 bytes from 172.16.1.1 icmp_seq=4 ttl=253 time=50.800 ms
84 bytes from 172.16.1.1 icmp_seq=5 ttl=253 time=52.605 ms
R1#clock set 0:10:0 1 july 2021
*Jul 1 00:10:00.003: %SYS-6-CLOCKUPDATE: System clock has been updated from 13:01:35 UTC Tue Feb 15 2022 to 00:10:00 UTC Thu Jul 1 2021,
R1(config)#time-range Work_Hours
R1(config-time-range)#absolute start 00:15 1 july 2021
R1(config-time-range)#absolute start 00:15 1 july 2021 end 00:20 1 july 2021
R1(config-time-range)#exit
R1(config)#time-range NO_ICMP
R1(config-time-range)#periodic ?
Friday Friday
Monday Monday
Saturday Saturday
Sunday Sunday
Thursday Thursday
Tuesday Tuesday
Wednesday Wednesday
daily Every day of the week
weekdays Monday thru Friday
weekend Saturday and Sunday
R1(config-time-range)#periodic weekdays 0:15 to 0:20
R1(config-time-range)#exit
R1(config)#ip access-list extended Work_Hours
R1(config-ext-nacl)#$ost 10.1.1.2 host 172.16.1.1 time-range NO_ICMP
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#end
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip access-group Work_Hours out
R1(config-if)#exit
PC1> ping 172.16.1.1
*10.1.1.1 icmp_seq=1 ttl=255 time=22.213 ms (ICMP type:3, code:13, Communication administratively prohibited )
*10.1.1.1 icmp_seq=2 ttl=255 time=12.513 ms (ICMP type:3, code:13, Communication administratively prohibited )
*10.1.1.1 icmp_seq=3 ttl=255 time=9.375 ms (ICMP type:3, code:13, Communication administratively prohibited)
*10.1.1.1 icmp_seq=4 ttl=255 time=9.523 ms (ICMP type:3, code:13, Communication administratively prohibited)
*10.1.1.1 icmp_seq=5 ttl=255 time=3.403 ms (ICMP type:3, code:13, Communication administratively prohibited)
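
An added example, not part of the original post: a Python check that reads time-range and ACL lines from a configuration, reports any ACL entry whose time-range name matches no defined range, and evaluates whether each range is active at a given clock time. The sample configuration is constructed, the full deny line is an assumption, and the model covers only the same-day periodic form with the end minute treated as inclusive.

```python
import re
from datetime import datetime, timedelta

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
GROUPS = {"daily": DAYS, "weekdays": DAYS[:5], "weekend": DAYS[5:]}

# Constructed sample: the deny entry is written out in full (an assumption)
# and deliberately references N0_ICMP (zero) instead of NO_ICMP.
SAMPLE = """\
time-range Work_Hours
 absolute start 00:15 1 july 2021 end 00:20 1 july 2021
time-range NO_ICMP
 periodic weekdays 0:15 to 0:20
ip access-list extended Work_Hours
 deny icmp host 10.1.1.2 host 172.16.1.1 time-range N0_ICMP
 permit ip any any
"""

def parse_time_ranges(config):
    """Return {name: [tokenised rule, ...]} for each time-range block."""
    blocks = re.findall(r"^time-range (\S+)\n?((?: .*\n?)*)", config, re.M)
    return {name: [ln.split() for ln in body.splitlines()] for name, body in blocks}

def is_active(rules, when):
    """True if the rules cover `when`; the end minute is modelled as inclusive."""
    now, seen, hit = when.hour * 60 + when.minute, False, False
    for r in rules:
        if r[0] == "absolute":
            for kw in ("start", "end"):
                if kw in r:
                    i = r.index(kw)
                    t = datetime.strptime(" ".join(r[i + 1:i + 5]), "%H:%M %d %B %Y")
                    if (when < t) if kw == "start" else (when > t + timedelta(seconds=59)):
                        return False
        elif r[0] == "periodic":  # same-day form only: <days> hh:mm to hh:mm
            seen, to = True, r.index("to")
            days = [d for tok in r[1:to - 1] for d in GROUPS.get(tok.lower(), [tok.lower()])]
            lo, hi = (int(h) * 60 + int(m) for h, m in (x.split(":") for x in (r[to - 1], r[to + 1])))
            hit = hit or (DAYS[when.weekday()] in days and lo <= now <= hi)
    return hit or not seen

def audit(config, when):
    """Return (entry, time-range name, status) for every time-bound ACL entry."""
    ranges, findings = parse_time_ranges(config), []
    for entry, name in re.findall(r"^ +((?:permit|deny)\b.*\btime-range (\S+).*)", config, re.M):
        status = ("undefined" if name not in ranges else
                  "active" if is_active(ranges[name], when) else "inactive")
        findings.append((entry, name, status))
    return findings
```

Calling `audit(SAMPLE, datetime(2021, 7, 1, 0, 16))` reports the deny entry as `undefined`; with the name corrected, the same call reports it as `active` inside the 0:15 to 0:20 weekday window and `inactive` outside it.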
1 comment:
Nice...very informative