interface vlan 200
ip add 12.1.1.1 255.255.255.0
ip access-group test in
!
ip access-list extended test
permit tcp 209.29.100.0 0.0.0.255 any eq www time-range HTTP
permit tcp 209.29.100.0 0.0.0.255 any eq ftp time-range FTP
permit tcp 209.29.100.0 0.0.0.255 any eq ftp-data time-range FTP
permit udp 209.29.100.0 0.0.0.255 any time-range UDP
permit udp 209.29.100.0 0.0.0.255 any eq 1985-------放開HSRP流量
!
time-range FTP
periodic daily 22:00 to 23:59
!
time-range UDP
periodic daily 17:00 to 23:59
periodic daily 0:00 to 8:59
!
time-range HTTP
periodic weekdays 0:00 to 8:59
periodic weekdays 17:00 to 23:59
periodic weekend 0:00 to 23:59
time-range HTTP
periodic weekdays 09:00 to 16:59------時間範圍
time-range udp
periodic daily 9:00 to 16:59
time-range ftp
periodic daily 00:00 to 21:59
ip access-list extended test
permit udp 10.1.100.0 0.0.0.255 host 224.0.0.2 eq 1985-------放開HSRP流量
deny tcp 10.1.100.0 0.0.0.255 any eq www time-range HTTP
deny tcp 10.1.100.0 0.0.0.255 any eq ftp time-range ftp
deny udp 10.1.100.0 0.0.0.255 any time-range udp
permit ip 10.1.100.0 0.0.0.255 any
int vlan 200
ip access-group test in