Monday, February 24, 2014

Time Access Control List



This is a time-based access control list (ACL) lab. The objective is to permit host C1 (IP: 192.168.1.3/24) to access server S1 on Monday and Thursday, 08:00 - 17:00, using port 80; other hosts cannot access S1 at any time.



========================================================
timeacl#sh access-lists 110
Extended IP access list 110
    10 permit tcp host 192.168.1.3 host 172.22.0.10 eq www time-range access-time (active) (50 matches)
    20 deny tcp any host 172.22.0.10 eq www (42 matches)
    30 permit ip any any (102 matches)

timeacl#
timeacl#

========================================================
*****  C3 IP address : 192.168.1.3  ***** 

C3> ping 172.22.0.10 -3 -p 80
Connect   80@172.22.0.10 seq=1 ttl=63 time=78.000 ms
SendData  80@172.22.0.10 seq=1 ttl=63 time=63.000 ms
Close     80@172.22.0.10 seq=1 ttl=63 time=110.000 ms
Connect   80@172.22.0.10 seq=2 ttl=63 time=78.000 ms
SendData  80@172.22.0.10 seq=2 ttl=63 time=62.000 ms
Close     80@172.22.0.10 seq=2 ttl=63 time=109.000 ms
Connect   80@172.22.0.10 seq=3 ttl=63 time=78.000 ms
SendData  80@172.22.0.10 seq=3 ttl=63 time=78.000 ms
Close     80@172.22.0.10 seq=3 ttl=63 time=94.000 ms
Connect   80@172.22.0.10 seq=4 ttl=63 time=93.000 ms
SendData  80@172.22.0.10 seq=4 ttl=63 time=94.000 ms
Close     80@172.22.0.10 seq=4 ttl=63 time=125.000 ms
Connect   80@172.22.0.10 seq=5 ttl=63 time=78.000 ms
SendData  80@172.22.0.10 seq=5 ttl=63 time=78.000 ms
Close     80@172.22.0.10 seq=5 ttl=63 time=109.000 ms

C3>


========================================================

****  C1 IP address : 192.168.1.1  ****

C1> ping 172.22.0.10 -3 -p 80
*192.168.1.254 tcp_seq=1 ttl=255 time=63.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 tcp_seq=3 ttl=255 time=47.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 tcp_seq=5 ttl=255 time=47.000 ms (ICMP type:3, code:13, Communication administratively prohibited)

C1>
========================================================



!
!
hostname timeacl
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.22.0.254 255.255.255.0
 ip access-group 110 out
 duplex auto
 speed auto
!
!
!
logging alarm informational
access-list 110 permit tcp host 192.168.1.3 host 172.22.0.10 eq www time-range access-time
access-list 110 deny   tcp any host 172.22.0.10 eq www
access-list 110 permit ip any any

!
time-range access-time
 periodic Monday Thursday 8:00 to 17:00

!
end
========================================================
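
The first-match behaviour of access-list 110 together with time-range access-time, modelled in Python as an added example (not part of the original lab and not IOS code). The tuple layout, function names and clock values are assumptions made for illustration; the model shows that outside the range entry 10 is skipped, so 192.168.1.3 falls through to the deny in entry 20, and that traffic to S1 other than TCP port 80 still matches entry 30.

```python
from datetime import datetime
from ipaddress import ip_address

# periodic Monday Thursday 8:00 to 17:00 (datetime.weekday(): Monday=0, Thursday=3)
TIME_RANGES = {"access-time": {"days": {0, 3}, "start": (8, 0), "end": (17, 0)}}

# (seq, action, proto, src, dst, dst_port, time_range); None matches anything
ACL_110 = [
    (10, "permit", "tcp", "192.168.1.3", "172.22.0.10", 80, "access-time"),
    (20, "deny", "tcp", None, "172.22.0.10", 80, None),
    (30, "permit", "ip", None, None, None, None),
]

def range_active(name, now):
    """True when the router clock falls inside the named periodic range.
    Assumption: the end minute (17:00) is treated as still inside the range."""
    tr = TIME_RANGES[name]
    return now.weekday() in tr["days"] and tr["start"] <= (now.hour, now.minute) <= tr["end"]

def evaluate(proto, src, dst, dport, now, acl=ACL_110):
    """First-match lookup; an entry with an inactive time-range is skipped."""
    for seq, action, p, s, d, port, tr in acl:
        if tr and not range_active(tr, now):
            continue
        if p not in ("ip", proto):
            continue
        if s and ip_address(s) != ip_address(src):
            continue
        if d and ip_address(d) != ip_address(dst):
            continue
        if port is not None and port != dport:
            continue
        return seq, action
    return None, "deny"  # implicit deny that ends every IOS ACL

# Constructed clock values; 2014-02-24 is the Monday this post is dated.
MON_NOON = datetime(2014, 2, 24, 12, 0)
MON_EVENING = datetime(2014, 2, 24, 18, 0)
TUE_NOON = datetime(2014, 2, 25, 12, 0)
S1 = "172.22.0.10"

if __name__ == "__main__":
    for label, args in [
        ("192.168.1.3 tcp/80 Mon 12:00", ("tcp", "192.168.1.3", S1, 80, MON_NOON)),
        ("192.168.1.3 tcp/80 Tue 12:00", ("tcp", "192.168.1.3", S1, 80, TUE_NOON)),
        ("192.168.1.1 tcp/80 Mon 12:00", ("tcp", "192.168.1.1", S1, 80, MON_NOON)),
        ("192.168.1.1 tcp/22 Mon 12:00", ("tcp", "192.168.1.1", S1, 22, MON_NOON)),
    ]:
        print(label, "->", evaluate(*args))
```

On the router the range is evaluated against the device clock, so the `(active)` flag in the `sh access-lists 110` output is what confirms entry 10 is currently in effect.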
