RE: One minute question

From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Thu Nov 17 2005 - 16:21:57 GMT-3

• Next message: Scott Morris: "RE: One minute question"
• Previous message: Andrew Lissitz \(alissitz\): "RE: OT: :--) ODR problem"
• Maybe in reply to: Gustavo Novais: "One minute question"
• Next in thread: Scott Morris: "RE: One minute question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I was thinking that the router would only disapply the ACL when the
hour:minute was greater than what was configured. And in doubt I labbed
it up.

time-range TEST
 periodic daily 9:00 to 17:00
!
Rack1R1#sh clock
17:01:04.442 UTC Thu Mar 1 2001
Rack1R1#sh access-lists
Extended IP access list 100
    10 permit ip host 1.1.1.1 host 2.2.2.2 time-range TEST (active)
Rack1R1#sh access-lists
Extended IP access list 100
    10 permit ip host 1.1.1.1 host 2.2.2.2 time-range TEST (active)
Rack1R1#sh access-lists
Extended IP access list 100
    10 permit ip host 1.1.1.1 host 2.2.2.2 time-range TEST (active)
Rack1R1#sh access-lists
Extended IP access list 100
    10 permit ip host 1.1.1.1 host 2.2.2.2 time-range TEST (active)
Rack1R1#sh access-lists
Extended IP access list 100
    10 permit ip host 1.1.1.1 host 2.2.2.2 time-range TEST (inactive)
Rack1R1#sh clock
17:01:54.348 UTC Thu Mar 1 2001

So what I found out is that although it was configured up to 17:00
the access-list remained active up to 17:01:ish.
That means that the upper limit is included on the time-range.
Which mean that until 17:00 should be configured up to 16:59.

The strange thing is that it didn't switch right after the clock ticked
17:01:00...

I'll repeat the test..

Comments?

Gustavo Novais

-----Original Message-----
From: John Matus [mailto:John.Matus@tokiom.com]
Sent: quinta-feira, 17 de Novembro de 2005 18:27
To: Gustavo Novais
Cc: ccielab@groupstudy.com; nobody@groupstudy.com
Subject: Re: One minute question

5pm = 17:00...............remember that 16:59:30 is also before 5pm as
well........so is 16:59:59. 5pm is just the a point in fime and does
not
have duration, so allowing the time 5pm does not allow for 17:00:01, or
even a milli-milli-second after 5pm

HTH

Regards,

John D. Matus
Technical Support / PAS
Fujitsu Consulting
626-568-7716
John.Matus@tokiom.com

             "Gustavo Novais"

             <gustavo.novais@n

             ovabase.pt>
To
             Sent by: <ccielab@groupstudy.com>

             nobody@groupstudy
cc
             .com

 
Subject
                                       One minute question

             11/17/2005 10:10

             AM

             Please respond to

             "Gustavo Novais"

             <gustavo.novais@n

                ovabase.pt>

Hi,

A dumb interpretation issue...

If we are told to allow access on weekdays to a server from 8 AM till
5PM, what would you configure?

Time-range TIMEACL

Periodic weekdays 8:00 to 16:59 or periodic weekdays 8:00 to 17:00

Access-list 100 permit ip any host 1.1.1.1 time-range TIMEACL

On IPexpert workbooks they tend to the first, on IEWB they tend to the
latter. Is the last minute included or excluded of the time range?

Would missing a minute make you lose points on the lab? I think of no
way of asking this to the proctor without receiving a "What do you
think?" answer

Gustavo Novais

• Next message: Scott Morris: "RE: One minute question"
• Previous message: Andrew Lissitz \(alissitz\): "RE: OT: :--) ODR problem"
• Maybe in reply to: Gustavo Novais: "One minute question"
• Next in thread: Scott Morris: "RE: One minute question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:07 GMT-3