|
Command or Action |
Purpose |
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
- Enter your password if prompted.
|
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode. |
|
time-range time-range-name
Example:
Router(config)# time-range limit_http
|
Defines a time range and enters time-range configuration mode.
- The name cannot contain a space or quotation mark, and must begin with a letter.
- Multiple time ranges can occur in a single access list.
|
|
periodic days-of-the-week hh : mm to [days-of-the-week] hh : mm
Example:
Router(config-time-range)# periodic Monday 6:00 to Wednesday 19:00
|
(Optional) Specifies a recurring (weekly) time range.
- The first occurrence of days-of-the-week is the starting day or day of the week that the associated time range is in effect. The second occurrence is the ending day or day of the week the associated statement is in effect.
- The days-of-the-weekargument can be any single day or combinations of days: Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, and Sunday. Other possible values are:
- daily--Monday through Sunday
- weekdays--Monday through Friday
- weekend--Saturday and Sunday
- If the ending days of the week are the same as the starting days of the week, they can be omitted.
- The first occurrence of hh:mm is the starting hours:minutes that the associated time range is in effect. The second occurrence is the ending hours:minutes the associated statement is in effect.
- The hours:minutes are expressed in a 24-hour clock. For example, 8:00 is 8:00 a.m. and 20:00 is 8:00 p.m.
|
|
Repeat Step 4 if you want more than one period of time applied to an access list statement.
|
(Optional) Multiple periodic commands are allowed in a time range. |
|
absolute [start time date] [end time date]
Example:
Router(config-time-range)# absolute start 6:00 1 August 2005 end 18:00 31 October 2005
|
(Optional) Specifies an absolute time when a time range is in effect.
- Only one absolute command is allowed in a time range.
- The time is expressed in 24-hour notation, in the form of hours:minutes. For example, 8:00 is 8:00 a.m. and 20:00 is 8:00 p.m. The date is expressed in the format day month year. The minimum start is 00:00 1 January 1993. If no start time and date are specified, the permit or deny statement is in effect immediately.
- Absolute time and date that the permit or deny statement of the associated access list is no longer in effect. Same time and date format as described for the start keyword. The end time and date must be after the start time and date. The maximum end time is 23:59 31 December 2035. If no end time and date are specified, the associated permit or deny statement is in effect indefinitely.
|
|
exit
Example:
Router(config-time-range)# exit
|
Exits to the next highest mode. |
|
Repeat Steps 3 through 7 if you want different time ranges to apply to permit or deny statements.
|
-- |
|
ip access-list extended name
Example:
Router(config)# ip access-list extended autumn
|
Defines an extended IP access list using a name and enters extended named access list configuration mode. |
|
deny protocol source [source-wildcard] destination[destination-wildcard] [option option-name] [precedence precedence] [tos tos] [established] [log | log-input] time-range time-range-name
Example:
Router(config-ext-nacl)# deny tcp 172.16.22.23 any eq http time-range limit_http
|
(Optional) Denies any packet that matches all of the conditions specified in the statement.
- Specify the time range you created in Step 3.
- In this example, one host is denied HTTP access during the time defined by the time range called "limit_http."
|
|
permit protocol source [source-wildcard] destination[destination-wildcard] [option option-name] [precedence precedence] [tos tos] [established] [log | log-input] time-range time-range-name
Example:
Router(config-ext-nacl)# permit tcp any any eq http time-range limit_http
|
Permits any packet that matches all of the conditions specified in the statement.
- You can specify the time range you created in Step 3 or in a different instance of Step 3, depending on whether you want the time ranges for your statements to be the same or different.
- In this example, all other sources are given access to HTTP during the time defined by the time range called "limit_http."
|
|
Optionally repeat some combination of Steps 10 and 11 until you have specified the values on which you want to base your access list.
|
-- |
|
end
Example:
Router(config-ext-nacl)# end
|
Ends configuration mode and returns the system to privileged EXEC mode. |
|
show ip access-list
Example:
Router# show ip access-list
|
(Optional) Displays the contents of all current IP access lists. |
|
show time-range
Example:
Router# show time-range
|
(Optional) Displays the time ranges that are set. |
|
show time-range ipc
Example:
Router# show time-range ipc
|
(Optional) Displays the statistics about the time-range IPC messages between the Route Processor and line card on the Cisco 7500 series router. |
|
clear time-range ipc
Example:
Router# clear time-range ipc
|
(Optional) Clears the time-range IPC message statistics and counters between the Route Processor and line card on the Cisco 7500 series router. |
|
debug time-range ipc
Example:
Router# debug time-range ipc
|
(Optional) Enables debugging output for monitoring the time-range IPC messages between the Route Processor and line card on the Cisco 7500 series router. |