Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Time-based ACL behavior

    Posted Jan 08, 2013 12:02 PM

    I have a requirement to use a time-based ACL to impose a deny-any rule during an exam period.

    I've noticed that if a student has been connected to the network before 15:00, the deny statement will not have any effect when the time-range ACL is activated.

    Any new connections after 15:00 will be subjected to the deny statement.

    Is this the right behavior?


    -----------------------

    user-role OPEN
     access-list session ACL-OPEN
     
    time-range UT-timebase periodic
     weekday 15:00 to  18:00
     
    ip access-list session ACL-OPEN
    any host 10.1.1.1 any  permit <-------- Permit statement to exam server
    any any any  deny time-range UT-timebase <-------- Time-based deny statement to block internet traffic
    any any any  permit <-------- Permit statement to internet