6.3 Time Based Access Lists
6.3.1 Features
Time-based access lists extend the notion of time to the access-list facility. Now, network administrators can define when the permit or deny statements in the access lists are in effect, by time of day and week, and on an absolute basis. Prior to this feature, access-list statements were always in effect when or after, but not once they were applied.

There are many possible advantages to configuring services and access with time ranges:

  • The network administrator has more control over permitting or denying a user access to resources. These resources could be an application, a server, or an on-demand link. This setup permits the network administrator to use access lists to enforce security policy by time.
  • Network administrators can set time-based security policy, including:
  • Perimeter security using the Cisco IOS Firewall feature set or access lists
  • Data confidentiality with Cisco encryption technology or IP Security (IPsec)
  • Policy-based routing and queuing functions are also enhanced.
  • When provider access rates vary by time of day, it is possible to automatically reroute traffic as is most cost-effective.
  • Network administrators can control logging of messages by time.

This feature is supported by all Cisco IOS platforms that support IP extended, IP named, or IPX access lists, including the following Cisco router platforms: Cisco 160x, 25xx, 26xx, 36xx, 38xx, 4x00, 52xx, 53xx, 72xx, and 75xx, the RSM 5000 and C12000. The first appearance of time-based access lists are in Cisco IOS Software "T" release: 12.0(1)T.