Occasional Contributor I
Posts: 6
Registered: 04-09-2012

Time-based ACL behavior

I have a requirement to use a time-based ACL to impose a deny any rule during an exam period.

I've noticed that if a student has been connected to the network before 15:00, the deny statement will not have any effect when the time range ACL is activated.

Any new connections after 15:00 will be subjected to the deny statement.

Is this the right behavior?

-----------------------

user-role OPEN
 access-list session ACL-OPEN

time-range UT-timebase periodic
 weekday 15:00 to 18:00

ip access-list session ACL-OPEN
any host 10.1.1.1 any permit <-------- Permit statement to exam server
any any any deny time-range UT-timebase <-------- Time-based deny statement to block internet traffic
any any any permit <-------- Permit statement to internet
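
A simplified model of the behaviour described in the post, added here as an illustration and not taken from the post or from ArubaOS. It assumes the session ACL is consulted only when a flow has no existing session entry, and that `weekday` means Monday to Friday; the class, the `revalidate` step and the sample addresses are constructed for the example.

```python
from datetime import datetime, time

EXAM_SERVER = "10.1.1.1"               # host from the posted ACL
WINDOW = (time(15, 0), time(18, 0))    # time-range UT-timebase

def in_window(ts):
    """True while the periodic time range is active (assumed Mon-Fri)."""
    return ts.weekday() < 5 and WINDOW[0] <= ts.time() < WINDOW[1]

def acl_open(dst, ts):
    """First-match evaluation of ACL-OPEN: exam server, timed deny, permit."""
    if dst == EXAM_SERVER:
        return "permit"
    if in_window(ts):
        return "deny"
    return "permit"

class SessionFirewall:
    """Assumed model: the ACL runs only at session creation."""
    def __init__(self):
        self.sessions = set()

    def packet(self, flow, ts):
        # flow is (src, dst, dport); an established flow skips the ACL.
        if flow in self.sessions:
            return "permit"
        verdict = acl_open(flow[1], ts)
        if verdict == "permit":
            self.sessions.add(flow)
        return verdict

    def revalidate(self, ts):
        """Hypothetical step: re-run the ACL over existing sessions and
        drop those the rule set would now deny."""
        stale = {f for f in self.sessions if acl_open(f[1], ts) == "deny"}
        self.sessions -= stale
        return stale

if __name__ == "__main__":
    fw = SessionFirewall()
    old = ("10.2.0.50", "203.0.113.10", 443)        # constructed flow
    print(fw.packet(old, datetime(2024, 3, 4, 14, 55)))   # before the window
    print(fw.packet(old, datetime(2024, 3, 4, 15, 5)))    # still established
    print(fw.revalidate(datetime(2024, 3, 4, 15, 5)))     # flow removed
    print(fw.packet(old, datetime(2024, 3, 4, 15, 5)))    # now denied
```
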