Topology
Figure 22-44: Timed acl sample topology
Configuration with IPv4 Address
#configure terminal | Enter configure mode. |
(config)#time-range TIMER1 | Configure a timer |
(config-tr)#start-time 10:00 03 nov 2021 | Configure start time |
(config-tr)#end-time 18:00 03 nov 2021 | Configure end time |
(config-tr)#exit | Exit timer |
(config)#ip access-list ACL1 | Create ip access list |
(config-ip-acl)# deny icmp host 10.1.1.1 host 10.1.2.2 | Create an acl rule to deny icmp |
(config-ip-acl)#exit | Exit Acl mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#hardware-profile filter egress-ipv4 enable | Hardware profile enable for the acl |
(config)#int xe15 | Enter into the interface mode |
(config-if)#ip access-group ACL1 out time-range TIMER1 | Apply the acl along with the timer. |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit |
Configuration with IPv6 Address
(config)#ipv6 access-list ACL1v6 | Create ipv6 access list |
(config-ipv6-acl)# deny any any any | Create an acl rule to deny |
(config-ipv6-acl)#exit | Exit Acl mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)# hardware-profile filter ingress-ipv6 enable | Hardware profile enable for the acl |
(config)#int xe12 | Enter into the interface mode |
(config-if)# ipv6 access-group ACL1v6 in time-range TIMER1 | Apply the acl along with the timer. |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit |
Configuration with mac
(config)# mac access-list ACL1mac | Create ip access list |
(config-mac-acl)# deny 0000.0000.0000 1111.2222.3333 0000.0000.0000 4444.5555.6666 | Create an acl rule to deny icmp |
(config-mac-acl)#exit | Exit Acl mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)# hardware-profile filter ingress-l2 enable | Hardware profile enable for the acl |
(config)#int xe13 | Enter into the interface mode |
(config-if)# mac access-group ACL1mac in time-range TIMER1 | Apply the acl along with the timer. |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit |
Validation
#sh running-config in xe15
!
interface xe15
ip access-group ACL1 out time-range TIMER1
!
#sh running-config in xe12
!
interface xe12
ipv6 access-group ACL1v6 in time-range TIMER1
!
#sh running-config in xe13
!
interface xe13
mac access-group ACL1mac in time-range TIMER1
#sh time-range
=====================================
TR handler interval: 10 seconds
=====================================
TR entries: 1
Entry: 0
name: TIMER1
state: Pending
frequency: none
start time: Wed Nov 3 10:00:00 2021
end time: Wed Nov 3 18:00:00 2021
=====================================
RUNNING TR entries: 0
=====================================
COMPLETED TR entries: 0
Last modified date: 10/19/2023