CISCO路由器基于时间的访问列表的应用
CISCO 路由器 中的access-list( 访问 列表 )最基本的有两种,分别是标准 访问 列表 和扩展 访问 列表 ,二者的区别主要是前者是 基于 目标地址的数据包过滤,而后者是 基于 目标地址、源地址和网络协议极其端口的数据包过滤。随着网络的发展和用户要求的变
CISCO路由器中的access-list(访问列表)最基本的有两种,分别是标准访问列表和扩展访问列表,二者的区别主要是前者是基于目标地址的数据包过滤,而后者是基于目标地址、源地址和网络协议极其端口的数据包过滤。随着网络的发展和用户要求的变化,从IOS12.0开始,CISCO路由器新增加了一种基于时间的访问列表。通过它,可以根据一天中的不同时间或者根据一星期中的不同日期(当然也可以二者结合起来)控制网络数据包的转发。一、使用方法
这种基于时间的访问列表就是在原来的标准访问列表和扩展访问列表中加入有效的时间范围来更合理有效的控制网络。它需要先定义一个时间范围,然后在原来的各种访问列表的基础上应用它。并且,对于编号访问表和名称访问表都适用。
二、使用规则
用time-range 命令来指定时间范围的名称,然后用absolute命令或者一个或者多个 periodic命令来具体定义时间范围,IOS命令格式为:
time-range time-range-name absolute [start time date] [end time date] periodic days-of-the week hh:mm to [days-of-the week] hh:mm
我们分别来介绍一下每个命令和参数的详细情况:
time-range: 用来定义时间范围的命令
time-range-name: 时间范围名称,用来标识时间范围,以便于在后面的访问列表中引用
absolute: 该命令用来指定绝对时间范围。它后面紧跟这start和 end两个关键字。在这两个关键字后面的时间要以24小时制、hh:mm(小时:分钟)表示,日期要按照日/月/年来表示。可以看到,他们两个可以都省略。如果省略start及其后面的时间,那表示与之相联系的permit 或deny语句立即生效,并一直作用到end处的时间为止;若省略如果省略end及其后面的时间,那表示与之相联系的permit 或deny语句在start处表示的时间开始生效,并且永远发生作用,当然把访问列表删除了的话就不会起作用了。
上面讲的就是命令和基本参数为了便于理解,下面我们来看两个例子。
如果要表示每天的早8点到晚8点就可以用这样的语句:
absolute start 8:00 end 20:00
再如,我们要使一个访问列表从2000年12月1日早5点开始起作用,直到2000年12月31日晚24点停止作用,语句如下:
absolute start 5:00 1 December 2000 end 24:00 31 December 2000
这样一来,我们就可以用这种基于时间的访问列表来实现,而不用半夜跑到办公室去删除那个访问列表了,这对于网络管理员来说应该是件好事吧。接下来,让我们看下一个periodic命令及其参数。一个时间范围只能有一个absolute语句,但是可以有几个periodic语句。
periodic:主要是以星期为参数来定义时间范围的一个命令。它的参数主要有Monday、Tuesday、Wednesday、Thursday、Friday、Saturday、Sunday中的一个或者几个的组合,也可以是daily(每天)、weekday(周一到周五)或者weekend(周末)。
我们还是来看几个具体的例子。比如表示每周一到周五的早9点到晚10点半,就可以用:
periodic weekday 9:00 to 22:30
每周一早7点到周二的晚8点就可以用:
periodic Monday to Tuesday 20:00
好了,我们已经把这个时间范围如何定义弄清楚了,下面让我们看看如何在实际情况下应用这种基于时间的访问列表。
三、应用实例
例1:在如上图所示的网络中,路由器有两个以太网接口E0和E1,分别连接着202.111.170.0和202.222.100.0两个子网络,其中202.111.170.50和202.222.100.100分别是WEB服务器1和WEB服务器2。还有一个串口S1,连入Internet。为了让202.111.170.0子网公司员工在工作时间不能进行WEB浏览,从2000年12月1日1点到2000年12月31日晚24点这一个月中,只有在周六早7点到周日晚10点才可以通过公司的网络访问Internet。我们做如下的基于时间的访问控制列表来实现这样的功能:
Router# config t
Router(config)# interface ethernet 0
Router(config-if)#ip access-group 101 in
Router(config-if)#time-range http
Router(config-if)#absolute start 1:00 1 December 2000 end 24:00 31
December 2000 periodic Saturday 7:00 to Sunday 22:00
Router(config-if)#ip access-list 101 permit tcp any any eq 80 http
我们是在一个扩展访问列表的基础上再加上时间控制就达到了目的。因为是要控制WEB访问的协议,所以必须要用扩展列表,也就是说,编号要在100-199之间。这些关于访问列表的基础知识,请参考其他关于Cisco或者CCNA的基础文档。我们定义了这个时间范围名称是http,这样,我们就在列表中的最后一句方便的引用了。有了以上的详细讲解,这个很好看懂了。我们再看下面一个例子。
例2:网络结构同上例,现在假设我们的访问要求变了,服务器WEB2(IP:202.222.100.100)上放着的是新年贺岁版的公司主页,我们希望在2001年12月31日24:00点前,Internet的用户访问的是服务器WEB1(IP:202.111.170.50)上的主页内容,而不能访问WEB2上的内容。在此之后的新年里,访问的是新年版主页而不能访问旧版本的主页。那么,我们利用带有时间控制的访问列表来自动实现这个功能,而再也不用让网管员在新年半夜时手动删除了。列表内容如下:
Router# config t
Router(config)#interface serial 0
Router(config-if)#ip access-group web in
Router(config-if)#
time-range changewebabsolute end 24:00 31 December 2000
Router(config-if)#ip access-list extended web
permit tcp any host 202.111.170.50 eq 80 changeweb
deny tcp any host 202.222.100.100 eq 80 changeweb
permit tcp any host 202.222.100.100 eq 80
现在让我们分析一下这个访问控制列表。第一句是进入端口控制模式。第二句是应用名称访问列表web,并且是用在Serial 0的入口方向,就是数据流入路由器的时候做协议控制分析。第三句,定义一个时间范围名称是changeweb。第四句是定义扩展名称访问列表web。第五、六句是表示在新年前,只能允许访问WEB1。第七句是允许所有到WEB2的web访问。这样第七句不是在没有时间限制的情况下全部允许了WEB2的访问吗?那我们的目的是如何实现的呢?不要忘记,路由器中访问控制列表的每个表项的顺序是很重要的,它是从上到下执行的,这样,在新年之前,也就是第五、六句起左右的时候,访问WEB2的要求已经被禁止了,所以,第七句就没有用了,而在新年之后呢,第五、六句失效了,第七句才发挥它的作用。允许所有对WEB2的访问请求,那么,新年之后,还能访问WEB1服务器吗?当然不能,因为我们第七句只允许访问WEB2,隐含的意思就是,其余的全部禁止。
好了,看到这儿,你不是觉的你的想法都被CISCO路由器实现了?合理有效的利用基于时间的访问控制列表,可以更有效、更安全、更方便的保护我们的内部网络。这样你的网络才会更安全,网络管理员也会更轻松!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1378
52
How to Undo Delete from Home Screen in iPhone
Apr 17, 2024 pm 07:37 PM
Deleted something important from your home screen and trying to get it back? You can put app icons back on the screen in a variety of ways. We have discussed all the methods you can follow and put the app icon back on the home screen. How to Undo Remove from Home Screen in iPhone As we mentioned before, there are several ways to restore this change on iPhone. Method 1 – Replace App Icon in App Library You can place an app icon on your home screen directly from the App Library. Step 1 – Swipe sideways to find all apps in the app library. Step 2 – Find the app icon you deleted earlier. Step 3 – Simply drag the app icon from the main library to the correct location on the home screen. This is the application diagram
The role and practical application of arrow symbols in PHP
Mar 22, 2024 am 11:30 AM
The role and practical application of arrow symbols in PHP In PHP, the arrow symbol (->) is usually used to access the properties and methods of objects. Objects are one of the basic concepts of object-oriented programming (OOP) in PHP. In actual development, arrow symbols play an important role in operating objects. This article will introduce the role and practical application of arrow symbols, and provide specific code examples to help readers better understand. 1. The role of the arrow symbol to access the properties of an object. The arrow symbol can be used to access the properties of an object. When we instantiate a pair
From beginner to proficient: Explore various application scenarios of Linux tee command
Mar 20, 2024 am 10:00 AM
The Linuxtee command is a very useful command line tool that can write output to a file or send output to another command without affecting existing output. In this article, we will explore in depth the various application scenarios of the Linuxtee command, from entry to proficiency. 1. Basic usage First, let’s take a look at the basic usage of the tee command. The syntax of tee command is as follows: tee[OPTION]...[FILE]...This command will read data from standard input and save the data to
Explore the advantages and application scenarios of Go language
Mar 27, 2024 pm 03:48 PM
The Go language is an open source programming language developed by Google and first released in 2007. It is designed to be a simple, easy-to-learn, efficient, and highly concurrency language, and is favored by more and more developers. This article will explore the advantages of Go language, introduce some application scenarios suitable for Go language, and give specific code examples. Advantages: Strong concurrency: Go language has built-in support for lightweight threads-goroutine, which can easily implement concurrent programming. Goroutin can be started by using the go keyword
How to add a router to Mijia
Mar 25, 2024 pm 10:40 PM
In modern life, smart home interconnection has become a mainstream. Many users use smart devices to interconnect with their mobile phones at home to achieve easy control settings to facilitate their life experience. So when using the Mijia app, many users You may not know exactly how to add your own router. This tutorial guide will provide you with a detailed introduction. I hope it can help everyone in need. 1. Turn on the WIFI of the mobile phone, click on the wireless wifi name of the router, connect to the wireless network of the router, and then connect. On the Mijia homepage, click the "Nearby Devices" option on the left, and then slide to the nearby devices page. You will see the router icon of the local device. 3. Click "Router" and "Enter
The wide application of Linux in the field of cloud computing
Mar 20, 2024 pm 04:51 PM
The wide application of Linux in the field of cloud computing With the continuous development and popularization of cloud computing technology, Linux, as an open source operating system, plays an important role in the field of cloud computing. Due to its stability, security and flexibility, Linux systems are widely used in various cloud computing platforms and services, providing a solid foundation for the development of cloud computing technology. This article will introduce the wide range of applications of Linux in the field of cloud computing and give specific code examples. 1. Application virtualization technology of Linux in cloud computing platform Virtualization technology
Understanding MySQL timestamps: functions, features and application scenarios
Mar 15, 2024 pm 04:36 PM
MySQL timestamp is a very important data type, which can store date, time or date plus time. In the actual development process, rational use of timestamps can improve the efficiency of database operations and facilitate time-related queries and calculations. This article will discuss the functions, features, and application scenarios of MySQL timestamps, and explain them with specific code examples. 1. Functions and characteristics of MySQL timestamps There are two types of timestamps in MySQL, one is TIMESTAMP
Apple tutorial on how to close running apps
Mar 22, 2024 pm 10:00 PM
1. First we click on the little white dot. 2. Click the device. 3. Click More. 4. Click Application Switcher. 5. Just close the application background.
