These resources could be an application, identi?¬?ed by an IP address and mask pair
and a port number; policy routing; or an on-demand link, identi?¬?ed as interesting traf?¬?c to the
dialer.
?– Network administrators can set time-based security policies such as the following:
??” Perimeter security using the Cisco IOS Firewall feature set or ACLs
??” Data con?¬?dentiality with Cisco Encryption Technology or IP security (IPsec)
?– Policy-based routing and queuing functions are enhanced.
?– When provider access rates vary by time of day, it is possible to automatically reroute traf?¬?c
cost effectively.
?– Service providers can dynamically change a committed access rate (CAR) con?¬?guration to
support the QoS service-level agreements (SLA) that are negotiated for certain times of day.
?– Network administrators can control logging messages. ACL entries can log traf?¬?c at certain
times of the day but not constantly. Therefore, administrators can simply deny access without
analyzing the many logs that are generated during peak hours.
Although the entire con?¬?guration for time-based ACLs is outside the scope of this course, the
following example shows the steps that are required to con?¬?gure a time-based ACL.
Pages:
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334