|
Time-based access lists extend the
notion of time to the access-list facility. Now, network
administrators can define when the permit or deny statements in the
access lists are in effect, by time of day and week, and on an
absolute basis. Prior to this feature, access-list statements were
always in effect once they were applied.

There are many possible advantages to
configuring services and access with time ranges:
- The network administrator has more
control over permitting or denying a user access to resources.
These resources could be an application, a server, or an on-demand
link. This setup permits
the network administrator to use access lists to enforce
security policy by time.
- Network administrators can set
time-based security policy, including:
  - Perimeter security using the Cisco IOS Firewall feature set or access lists
  - Data confidentiality with Cisco encryption technology or IP Security (IPsec)
- Policy-based routing and queuing
functions are also enhanced.
- When provider access rates vary by
time of day, it is possible to automatically reroute traffic in
the most cost-effective way.
- Network administrators can control
logging of messages by time.

This feature is supported by all
Cisco IOS platforms that support IP extended, IP named, or IPX
access lists, including the following Cisco router platforms: Cisco
160x, 25xx, 26xx, 36xx, 38xx, 4x00, 52xx, 53xx, 72xx, and 75xx, the
RSM 5000 and C12000. Time-based access lists first appeared in
Cisco IOS Software "T" release 12.0(1)T.
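
The following configuration is an added example, not taken from the original page. It shows one recurring (time of day and week) range and one absolute range attached to entries of an extended named access list. The range names, ACL name, interface and addresses (documentation ranges) are placeholders. Time ranges are evaluated against the router's system clock, so the clock must be set correctly (for example by NTP) for the policy to apply at the intended times.

```cisco
! Constructed example: all names, dates and addresses are placeholders.
!
! Recurring window: Monday to Friday, business hours.
time-range BUSINESS-HOURS
 periodic weekdays 8:00 to 18:00
!
! One-off window defined on an absolute basis.
time-range CONTRACTOR-WINDOW
 absolute start 08:00 1 March 2025 end 18:00 31 March 2025
!
ip access-list extended EDGE-IN
 remark HTTPS to the server only during business hours
 permit tcp any host 192.0.2.10 eq 443 time-range BUSINESS-HOURS
 remark SSH from the contractor range only inside the absolute window
 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 22 time-range CONTRACTOR-WINDOW
 remark Outside both windows the permits above are inactive and
 remark traffic to the server falls through to this logged deny
 deny ip any host 192.0.2.10 log
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
!
! Verification from exec mode:
!   show clock
!   show time-range
!   show ip access-lists EDGE-IN
```

`show time-range` and `show ip access-lists` mark each range and each time-bound entry as active or inactive, which is the quickest way to confirm that the policy is in the state expected for the current clock time.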
|