Time-Range

Hi experts,

I created a policy-map to block some websites and it works well, and I created a time-range for every day start from 8 to 4, but I don't know how to include this time range in my policy-map.

Thanks
lexmark1Asked:
Who is Participating?
 
btanConnect With a Mentor Exec ConsultantCommented:
so far time-range need access-list  (in base licence)

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#timebasedtimerange

Time-Based ACLs Using Time Ranges

Time-based ACLs were introduced in Cisco IOS Software Release 12.0.1.T. While similar to extended ACLs in function, they allow for access control based on time. A time range is created that defines specific times of the day and week in order to implement time-based ACLs. The time range is identified by a name and then referenced by a function. Therefore, the time restrictions are imposed on the function itself. The time range relies on the router system clock. The router clock can be used, but the feature works best with Network Time Protocol (NTP) synchronization.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_19_ea1/configuration/guide/swacl.html#wp1071539
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/acl_objects.html#wp1525991
0
 
btanExec ConsultantCommented:
0
 
lexmark1Author Commented:
Hi Dear,
Thanks for reply but I want to include my time-range in my existing class-policy to do time for website blocking not time for web surfing.

Thanks
0
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

 
btanConnect With a Mentor Exec ConsultantCommented:
Would it be simply be done in access list instead
uration

ip access-list extended RESTRICTED_SITES

deny ip 172.16.30.0 0.0.0.127 66.220.144.0 0.0.15.255 time-range OFFICE_HRS
deny ip 172.16.30.0 0.0.0.127 204.74.64.0 0.0.63.255 time-range OFFICE_HRS
deny ip 172.16.30.0 0.0.0.127 69.63.176.0 0.0.15.255 time-range OFFICE_HRS
deny ip 172.16.30.0 0.0.0.127 69.171.224.0 0.0.31.255 time-range OFFICE_HRS
permit ip any any
0
 
btanExec ConsultantCommented:
Probably this is a better one
https://supportforums.cisco.com/thread/2070269
0
 
lexmark1Author Commented:
Hi breadtan,

Is there any way to apply time-range in my exist class-map without accees-list?

Thanks
0
All Courses

From novice to tech pro — start learning today.