Occasional Contributor I

Time-based ACL behavior

I have a requirement to use time-based ACL to impose a deny any rule during an exam period.


I've noticed that if a student has been connected to the network before 15:00, the deny statement will not have any effect when the time range ACL is activated.


Any new connections after 15:00 will be subjected to the deny statement.


Is this the right behavior?



user-role OPEN
 access-list session ACL-OPEN
time-range UT-timebase periodic
 weekday 15:00 to  18:00
ip access-list session ACL-OPEN
any host any  permit <-------- Permit statement to exam server
any any any  deny time-range UT-timebase <-------- Time-based deny statement to block internet traffic
any any any  deny time-range UT-timebase <-------- Permit statement to internet
Search Airheads
Showing results for 
Search instead for 
Did you mean: