Time-range ACL

■ Time-range ACL

ACL을 시간대에 따라 동작 시키는 기능으로 시간 범위 설정, 평소 운영할 ACL과 시간 범위에 운영할 ACL을 구분하여 동작시키는 기능.
주로 회사 근무시간에 대한 설정으로 많이 사용됨.

 

Timerange ACL 토폴로지

 

■ IP 설정 & RIP 설정

 

R1 라우터

conf t
int s1/0
ip addr 192.168.12.1 255.255.255.0
no sh
int fa0/0
ip addr 192.168.1.2 255.255.255.0
no sh
router rip
ver 2
net 192.168.12.0
net 192.168.1.0
no auto-summary

 

R2 라우터

conf t
int s1/0
ip addr 192.168.12.2 255.255.255.0
no sh
int s1/1
ip addr 192.168.23.1 255.255.255.0
no sh
router rip
ver 2
net 192.168.12.0
net 192.168.23.0
no auto-summary

 

R3 라우터

conf t
int s1/1
ip addr 192.168.23.2 255.255.255.0
no sh
int fa0/0
ip addr 192.168.3.2 255.255.255.0
no sh
router rip
ver 2
net 192.168.23.0
net 192.168.3.0
no auto-summary

 

PC1,2

PC 1
ip 192.168.1.1 255.255.255.0 192.168.1.2

PC2
ip 192.168.3.1 255.255.255.0 192.168.3.2

 

■ SSH 구성

 

R1 라우터

conf t
enable pass 1111
ip domain-name cisco
username user1 pass 2222
crypto key generate rsa
line vty 0 4
login local

 

R3 라우터

do ssh -l user1 192.168.12.1
2222

 

■ 이제 Time-range 구성을 위해 R2로 이동한다.

 

R2 라우터

conf t
time-range Remote_access_ristric
periodic weekdays 09:00 to 18:00
exit
acc 100 permit tcp any any eq 22 time-range Remote_access_ristric
acc 100 deny tcp any any eq 22
acc 100 permit ip any any
int s1/1
ip access-group 100 in

 

R2#sh clock
*00:21:48.167 UTC Fri Mar 1 2002

 

접속 불가 확인

 

■ 시간 재설정

 

R2 라우터

clock set 14:28:00 18 june 2024

 

접속 가능

 

■ 실습파일

Timerange_ACL.7z

0.00MB