AFAIK first example meets requirement, second example not.
Srdja
-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Edward Sohn
Sent: Wednesday, November 01, 2006 19:49
To: cisco@xxxxxxxxxxxxxx
Subject: RE: Time Range ACL Question [7:115283]
Uhhh...not sure about that one. Read the requirement...
"allow access to the server until 00:01 Jan 1, 2007 UTC"
My question is, does either meet the requirement?
-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
srdja blagojevic
Sent: Wednesday, November 01, 2006 6:38 PM
To: cisco@xxxxxxxxxxxxxx
Subject: RE: Time Range ACL Question [7:115283]
No, it is not the same.
In the first example you are using ACL until Jan 1,2007, and in second
example you are using ACL from Jan 1, 2007.
Permit or deny in ACL do not influence on time range. IOS first look at time
range, and if it is true (valid), then use this line in ACL in which time
range option is applied.
HTH,
Srdja
-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of Lab
Rat #109385382
Sent: Wednesday, November 01, 2006 18:54
To: cisco@xxxxxxxxxxxxxx; ccielab@xxxxxxxxxxxxxx
Subject: Time Range ACL Question
If the question is asking:
"allow access to the server until 00:01 Jan 1, 2007 UTC"
Is this:
Time-range ALLOW
Periodic daily 00:00 to 23:59
Absolute end 00:00 1 Jan 2007
Access-list permit ip any host 10.0.0.10 time-range ALLOW
The same as this:
Time-range DENY
Absolute start 00:01 1 Jan 2007
Access-list deny ip any host 10.0.0.10 time-range DENY
Thanks,
Ed
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=115285&t=115283
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
