  • paulcapatana

How to secure our network using Time based access lists

We’ve learned from theory that we can filter traffic using multiple criteria, and one of these criteria is time.


What do we mean by time? A defined range of days and hours in which a user has access to network shared resources.


That being said, let’s take a look at the scenario below.


You are employed at a medium-sized company, working in the IT department, and a new colleague is about to be hired whose main task is testing new technologies and devices.

Our task as network engineers is to create a network restriction that allows the new colleague to access the required resources every week from Monday to Friday, and only from 9 am until 6 pm.


Let’s assume that for this exercise we have the topology shown below.



How do we accomplish our task?


Step1


First we check whether the IP address allocated to the user has access to the network resources before adding any restriction.



We’ll also need to know which subnet the IP address allocated to the user belongs to.






Step2


Now that we’ve collected the required information about the user, we move on to the next step: defining and applying the access list. Once an access list has been defined, it has to be applied to an interface before it takes effect.


In our exercise the access list will be defined on the R1 router and applied on the interface toward the SW2 switch, to which the user is connected.


To define and apply a time-based access list, we proceed as shown below:


Step2.1 Time Range setup


First of all, after logging in to the R1 router, we need to enter global configuration mode.

Then we define a time range that will be referenced when we define our access list.

Good job! Now we’ll exit from time-range configuration.

Step2.2 Access list setup


Now that we’ve configured a time range, let’s see how to use it, because it has an important purpose in our exercise.


Let’s proceed with the access list configuration; a little later we’ll see how to apply this access list so that it takes effect.


From global configuration mode we’ll configure our access list as shown below:


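ip access-list extended TIME_BASED
 permit tcp host 192.168.2.50 any eq 22 time-range WeekDays


We match a single host (the equivalent of a /32 mask) because this access list is intended to restrict access for a single user only. IOS access lists take a wildcard mask rather than a subnet mask, so a single host is written with the host keyword (or the wildcard 0.0.0.0); a wildcard of 255.255.255.255 would match every source address.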


Now let’s apply this access list on the interface toward that user so that it takes effect.


Now we’ll display the current time on the R1 router:


R1#show clock

10:09:53.795 UTC Mon Mar 8 2021

R1#

At this time the user should have access to network shared resources.


We should verify that, because we are within the allowed time range.


Now we’ll make a slight change on the R1 router by changing the time and date.



After this minor change on the R1 router, the user should no longer be able to access the network shared resources.
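
The full sequence from Step 2 written out as an added example (it is not the original post's configuration or output). The time-range name WeekDays, the ACL name TIME_BASED and the host 192.168.2.50 come from the text above; the interface name GigabitEthernet0/1, the inbound direction and the test clock value are assumptions.

```cisco
! Step 2.1: time range covering Monday-Friday, 09:00-18:00
configure terminal
time-range WeekDays
 periodic weekdays 9:00 to 18:00
 exit
!
! Step 2.2: named extended ACL; the entry is only active inside WeekDays
ip access-list extended TIME_BASED
 permit tcp host 192.168.2.50 any eq 22 time-range WeekDays
 exit
!
! Apply the ACL on the interface facing SW2.
! Interface name and direction are assumptions (topology not reproduced here).
interface GigabitEthernet0/1
 ip access-group TIME_BASED in
 end
!
! Verify: inside the window the entry is reported as active
show clock
show time-range WeekDays
show access-lists TIME_BASED
!
! Move the clock outside the window (constructed value) and re-check:
! the entry should now be reported as inactive
clock set 20:00:00 8 Mar 2021
show time-range WeekDays
show access-lists TIME_BASED
```

Because every access list ends with an implicit deny, any other traffic entering this interface is dropped once TIME_BASED is applied, and the schedule is only as reliable as the router clock, so keep it synchronized (for example with NTP).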




And that’s how we can restrict users from accessing network resources using only time.

I hope that this document has been informative and useful for you 😊
