Starting with IOS version 12.0, time-based access lists allow an administrator to base security policies on the time of day and day of the week. This is a powerful tool, which allows the administrator to enable policies such as limiting the download of Web-based music or the playing of games over the internal network to after normal business hours. The end result is that the system users can play music and games when network response times are not an issue. This can be important from a political viewpoint, because a lot of users think that the administrators and security administrators prevent them from having fun, even when it does not affect any company goal. Additional benefits can be realized by using time-based access lists in the areas of dial-on-demand routing, policy-based routing, and queuing. These are all beyond the scope of this book, but are still useful in the daily administration of a network.
To establish time-based access lists, three steps are necessary:
Time-based access lists allow the administrator to allow or deny traffic based on the current time. Another tool available to the administrator is a reflexive access list, which will be discussed next.
3.144.121.45