Any TCP session initiated from Network A (10.2.2.0/24) and destined for Network B (10.1.1.0/24) is
allowed because all of its returning packets have the ACK or RST bit set. Any datagram that does not
have the ACK or RST bit set is dropped.
Example 2-6. Established ACL Example
interface Ethernet1
 ip address 10.1.1.2 255.255.255.0
 ip access-group 101 in
!
access-list 101 permit tcp any any established
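The flag test behind the established keyword can be modeled in a few lines. The following Python sketch is an added example, not part of the original text or of any Cisco software; the function names (acl_101, build_tcp_header, sample_verdicts) are hypothetical and the sample segments are constructed. It assumes the segments arrive inbound on Ethernet1, that is, from Network B.

```python
import struct

# TCP flag bits (byte 13 of the TCP header).
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
IPPROTO_TCP, IPPROTO_UDP = 6, 17

def build_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample input: a minimal 20-byte TCP header."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def tcp_flags(segment: bytes) -> int:
    """Extract the flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13] & 0x3F

def matches_established(segment: bytes) -> bool:
    """'established' matches when the ACK or RST bit is set."""
    return bool(tcp_flags(segment) & (ACK | RST))

def acl_101(protocol: int, segment: bytes) -> str:
    """Hypothetical model of Example 2-6 applied inbound on Ethernet1."""
    # access-list 101 permit tcp any any established
    # The test reads only the flags of this one segment; no session table is consulted.
    if protocol == IPPROTO_TCP and matches_established(segment):
        return "permit"
    # Every ACL ends with an implicit "deny any".
    return "deny"

def sample_verdicts() -> dict:
    """Run constructed segments arriving on Ethernet1 from Network B."""
    samples = {
        "SYN (new session from B)": (IPPROTO_TCP, build_tcp_header(40000, 80, SYN)),
        "SYN+ACK (reply to A)": (IPPROTO_TCP, build_tcp_header(80, 40000, SYN | ACK)),
        "ACK (data for A)": (IPPROTO_TCP, build_tcp_header(80, 40000, ACK)),
        "RST (reset to A)": (IPPROTO_TCP, build_tcp_header(80, 40000, RST)),
        "UDP datagram": (IPPROTO_UDP, b"\x00" * 8),
    }
    return {name: acl_101(proto, seg) for name, (proto, seg) in samples.items()}

if __name__ == "__main__":
    for name, verdict in sample_verdicts().items():
        print(f"{verdict:6}  {name}")
```

Because the single entry permits only TCP, the UDP datagram falls through to the implicit deny along with the bare SYN.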
Time-Based ACLs Using Time Ranges
Time-based ACLs are similar to extended ACLs in function; they add the ability to control access
based on the time. The time range relies on the router's system clock, so this feature works best
with Network Time Protocol (NTP) synchronization. IP and IPX numbered or named extended ACLs are the only
functions that can use time ranges.
To configure time-based ACLs, create a time range that defines specific times of the day and week. The time
range is identified by a name and is then referenced within the extended ACL, which controls when the permit or
deny statements in the ACL are in effect. Both named and numbered ACLs can reference a time range.
Step 1. Assign a name to the time range to be configured and enter time-range configuration mode for
subcommands.