16-12
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter16 Configuring Filters
Configuring Filters Using the Web-Browser Interface
Creating a Time-Based ACL
Time-based ACLs are ACLs that can be enabled or disabled for a specific period of time. This capability
provides robustness and the flexibility to define access control policies that either permit or deny certain
kinds of traffic.
This example illustrates how to configure a time-based ACL through the CLI, where Telnet connection
is permitted from the inside to the outside network on weekdays during business hours:
Note A time-based ACL can be defined either on the gigabit Ethernet port or on the Radio port of the Aironet
AP, based on your requirements. It is never applied on the Bridge Group Virtual Interface (BVI).
Follow these steps to create a time-based ACL.
Step1 Log in to the AP through the CLI.
Step2 Use the console port or Telnet in order to access the ACL through the Ethernet interface or the wireless
interface.
Step3 Enter global configuration mode.
Step4 Create a Time Range. For this example, Test:
ap(config-time-range)# time-range Test
Step5 Create a time-range:
ap(config-time-range)# time-range periodic weekdays 7:00 to 19:00
Note Allows access to users during weekdays from 7:00 to 19:00 hrs.
Step6 Create an ACL. For this example, 101:
ap(config)# ip access-list extended 101
ap(config-ext-nacl)# permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range Test
Note This ACL permits Telnet traffic to and from the network for the specified time-range Test.
It also permits a Telnet session to the AP on weekdays, if the AP IP address is in the
172.16.1.0 subnet.
Step7 Apply the time-based ACL to the Ethernet interface:
ap(config)# interface gigabitEthernet 0
ap(config-if)# ip address 172.16.1.10 255.255.255.0
ap(config-if)# ip access-group 101 in