Ruijie Community
Title: How to configure the time-based ACL?
Author: panjingyi1@ruij Time: 2022-7-5 11:38
For example, I want to block the 192.168.1.0 network from accessing the Internet during office hours (from 9:00 am to 12:00 am and 14:00 pm to 18:00 pm) but permit this network at any other time.
1. Correct device clock
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#clock timezone beijing 8 -----> set timezone to UTC+8
Ruijie(config)#exit
Ruijie#clock set 10:00:00 12 1 2012 -----> hour:minute:second month day year
2. Define time-range
Ruijie#configure terminal
Ruijie(config)#time-range work -----> define a time-range named work
Ruijie(config-time-range)#periodic daily 9:00 to 12:30
Ruijie(config-time-range)#periodic daily 14:00 to 18:30
Ruijie(config-time-range)#exit
3. Create an ACL and define an ACE
Ruijie(config)#ip access-list extended 100
Ruijie(config-ext-nacl)#10 deny ip 192.168.1.0 0.0.0.255 any time-range work -----> deny any traffic from 192.168.1.0/24 to the Internet during work time
Ruijie(config-ext-nacl)#20 permit ip any any -----> permit any other traffic (you must configure this command, because there's an implicit deny any at the end)
Ruijie(config-ext-nacl)#exit
4. Apply ACL on interface
Ruijie(config)#interface GigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)#ip access-group 100 out -----> apply ACL 100 on the interface connected to the Internet
5. Save configuration
Ruijie(config-if-GigabitEthernet 0/1)#end
Ruijie#write
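The configuration above can be checked offline with a small model of how the ACL is evaluated: first matching ACE wins, an ACE with an inactive time-range is skipped, and the time-range is judged against the device's local clock. This is an added example, not part of the original post or Ruijie's own code; the function names, the sample hosts and timestamps, and treating the end minute as inside the range are assumptions of the model.

```python
from datetime import datetime, time, timedelta, timezone
from ipaddress import IPv4Address

# Values copied from the configuration above.
DEVICE_TZ = timezone(timedelta(hours=8))  # clock timezone beijing 8
TIME_RANGES = {"work": [(time(9, 0), time(12, 30)),    # periodic daily 9:00 to 12:30
                        (time(14, 0), time(18, 30))]}  # periodic daily 14:00 to 18:30
# ACE fields: sequence, action, source network, wildcard mask, time-range name
ACL_100 = [(10, "deny", "192.168.1.0", "0.0.0.255", "work"),
           (20, "permit", "0.0.0.0", "255.255.255.255", None)]  # permit ip any any


def wildcard_match(addr, network, wildcard):
    """Compare only the bits that the wildcard mask leaves as 0."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(network)) & care)


def range_active(name, device_now):
    """True when the device's local clock is inside a periodic entry.
    Assumption of this model: the end minute itself counts as inside."""
    now = device_now.time().replace(second=0, microsecond=0)
    return any(start <= now <= end for start, end in TIME_RANGES[name])


def evaluate(src_ip, utc_now, acl=ACL_100, tz=DEVICE_TZ):
    """Return (sequence, action) of the first ACE that matches.
    An ACE whose time-range is inactive is skipped."""
    device_now = utc_now.astimezone(tz)
    for seq, action, network, wildcard, time_range in acl:
        if time_range and not range_active(time_range, device_now):
            continue
        if wildcard_match(src_ip, network, wildcard):
            return seq, action
    return None, "deny"  # implicit deny at the end of the ACL


if __name__ == "__main__":
    utc = lambda h: datetime(2012, 12, 1, h, 0, tzinfo=timezone.utc)  # constructed times
    print(evaluate("192.168.1.50", utc(2)))   # 10:00 device time, inside "work"
    print(evaluate("192.168.1.50", utc(5)))   # 13:00 device time, between the two periods
    print(evaluate("192.168.2.50", utc(2)))   # other subnet, falls through to ACE 20
    # Timezone never set (device clock on UTC): "work" is judged against 02:00
    print(evaluate("192.168.1.50", utc(2), tz=timezone.utc))
    # ACE 20 missing: everything not denied by ACE 10 hits the implicit deny
    print(evaluate("192.168.2.50", utc(2), acl=ACL_100[:1]))
```

The last two calls show the two ways this policy fails silently: a device clock left on the wrong timezone lets the blocked subnet through during work time, and omitting ACE 20 blocks every other host.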