Vol 2 Lab 9 Task 6.2 - Is this a valid alternate solution?


I guess the key question is whether the deny statements with a time-range mean the mentioned source subnet is only denied during the "time range" then allowed by the "ip any any" when the time is "outside the time range"..

conf t
time-range work
periodic weekdays 09:00 to 17:00
ip access-list extended workh
permit tcp host eq telnet
permit tcp host eq www
deny tcp any eq www time-range work
deny tcp any eq 443 time-range work
permit ip any any
int f0/1
ip access-group workh in
do wr


  • Hi Somni,

    Your configuration looks correct. You can apply it in both the ways which technically should work. Either you can create the time-range for working hours & deny the ACL entry or you can create the time-range for off hours & permit the ACL entry. Both should work for this paritcular scenario.

    Good luck!

Sign In or Register to comment.