Configuring a distributed time-based ACL
I have a router which auto-dials into an access server for connectivity. I have applied a time-based ACL, which defines the interesting traffic and the hours during which it should be allowed to pass. However, the ACL is not working properly as interesting traffic appears to still be allowed at all times. I have pasted the ACL below and the time-range specifications. The ACL is applied to the async interface on the router dialing out.
access-list 100 remark ACL for Async interesting traffic definition
access-list 100 permit ip any host 255.255.255.255 time-range dial-up-hours
access-list 100 deny ip any host 255.255.255.255
access-list 100 permit ip any any
dialer-list 1 protocol ip list 100
absolute start 00:00 05 October 2003
periodic Saturday 1:30 to 13:30
periodic Sunday 1:30 to 13:30
periodic Monday 1:30 to 13:30
periodic Tuesday 1:30 to 13:30
periodic Wednesday 1:30 to 13:30
periodic Thursday 1:30 to 13:30
periodic Friday 1:30 to 13:30
Thanks in advance!
In your dialer list you have specified all IP traffic so any packet will trigger the link. You can create an access-list and call that access-list in your dialer list so that only required traffic kicks the link up.
This was first published in November 2003