Time Restriction Policy Definition

time based restrictions are used to regulate the cli connections to network elements via kron pam in a timely manner time and command based restrictions can be used together to best fit your security needs the example below reflects a scenario that a service provider may experience often time interval authorization explanation weekdays 06 00 22 00 only monitoring commands configuration commands are restricted due to potential effects on service weekdays 22 00 02 00 all configuration commands but the service affecting commands may be run operators may run all configuration commands but commands such as “reboot”, “restart”, or “bgp shutdown” weekdays 02 00 06 00 all commands no restrictions on running commands weekend only monitoring commands configuration commands are restricted due to potential effects on service there must be four time based policies and three command based policies covering all the alternatives from the table above time based policies tbp 1 06 00 – 22 00, mon, tue, wed, thu, fri tbp 2 22 00 – 02 00, mon, tue, wed, thu, fri tbp 3 02 00 – 06 00, mon, tue, wed, thu, fri tbp 4 sat, sun command based policies whitelist 1 sh blacklist 1 rebo , resta , bgp /s shut whitelist 2 the regular expression, “ ” covers all of the command subsets by using command and time based policies together the scenario above would look like this weekdays 06 00 – 22 00 tbp 1 & whitelist 1 weekdays 22 00 – 02 00 tbp 2 & blacklist 1 weekdays 02 00 – 06 00 tbp 3 & whitelist 2 weekend tbp 4 & whitelist 1