Re?¬‚exive ACLs can be de?¬?ned only with extended named IP ACLs. They cannot be de?¬?ned with
numbered or standard named IP ACLs or with other protocol ACLs.
Time-Based ACLs
Time-based ACLs are similar to extended ACLs in function, but they allow for access control
based on time. To implement time-based ACLs, you create a time range that de?¬?nes speci?¬?c times
of the day and week. The time range is identi?¬?ed by a name and then referenced by a function.
Therefore, the time restrictions are imposed on the function itself. For example, in Figure 6-8, a
user is blocked from transmitting HTTP traf?¬?c after 7:00 p.m.
Example 6-1 Applying Inbound and Outbound ACLs to an Interface
RouterX(config)#iinntteerrffaaccee EEtthheerrnneett00//11
RouterX(config-if)#iipp aaddddrreessss 117722..1166..11..22 225555..225555..225555..00
RouterX(config-if)#iipp aacccceessss--ggrroouupp iinnbboouunnddffiilltteerrss iinn
RouterX(config-if)#iipp aacccceessss--ggrroouupp oouuttbboouunnddffiilltteerrss oouutt
218 Chapter 6: Managing Traffic with Access Control Lists
Figure 6-8 Timed Access Lists
Time-based ACLs have many bene?¬?ts:
?– The network administrator has more control over permitting or denying a user access to
resources.
Pages:
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333