Vol 2 Lab 9 Task 6.2 - Is this a valid alternate solution?

 

I guess the key question is whether the deny statements with a time-range mean the mentioned source subnet is only denied during the "time range" then allowed by the "ip any any" when the time is "outside the time range"..

conf t
time-range work
periodic weekdays 09:00 to 17:00
!
ip access-list extended workh
permit tcp 148.6.5.0 0.0.0.255 host 148.6.3.100 eq telnet
permit tcp 148.6.5.0 0.0.0.255 host 148.6.3.100 eq www
deny tcp 148.6.5.0 0.0.0.255 any eq www time-range work
deny tcp 148.6.5.0 0.0.0.255 any eq 443 time-range work
permit ip any any
!
int f0/1
ip access-group workh in
do wr
end
!

Comments

  • Hi Somni,

    Your configuration looks correct. You can apply it in both the ways which technically should work. Either you can create the time-range for working hours & deny the ACL entry or you can create the time-range for off hours & permit the ACL entry. Both should work for this paritcular scenario.

    Good luck!

Sign In or Register to comment.