13-Security Configuration Guide

HomeSupportConfigure & DeployConfiguration GuidesH3C Anchor Configuration Guide(R5436)-6W10113-Security Configuration Guide
02-Time range configuration
Title Size Download
02-Time range configuration 139.25 KB

Configuring time ranges

About time ranges

You can implement a service based on the time of the day by applying a time range to it. A time-based service takes effect only in time periods specified by the time range. For example, you can implement time-based ACL rules by applying a time range to them.

The following basic types of time ranges are available:

·     Periodic time range—Recurs periodically on a day or days of the week.

·     Absolute time range—Represents only a period of time and does not recur.

The active period of a time range is calculated as follows:

1.     Combining all periodic statements.

2.     Combining all absolute statements.

3.     Taking the intersection of the two statement sets as the active period of the time range.

Restrictions and guidelines: Time range configuration

When you configure the ACL hardware mode, follow these restrictions and guidelines:

·     If a time range does not exist, the service based on the time range does not take effect.

·     You can create a maximum of 1024 time ranges, each with a maximum of 32 periodic statements and 12 absolute statements.

Procedure

1.     Enter system view.

system-view

2.     Create or edit a time range.

time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 }

If an existing time range name is provided, this command adds a statement to the time range.

Display and maintenance commands for time ranges

Execute the display command in any view.

 

Task

Command

Display time range configuration and status.

display time-range { time-range-name | all }

 

Time range configuration examples

Example: Configuring a time range

Network configuration

As shown in Figure 1, configure an ACL on the AC to allow Client 1 to access the server only from 8:00 to 18:00 on working days from June 2015 to the end of the year.

Figure 1 Network diagram

Procedure

# Create a periodic time range from 8:00 to 18:00 on working days from June 2015 to the end of the year.

<AC> system-view

[AC] time-range work 8:0 to 18:0 working-day from 0:0 6/1/2015 to 24:0 12/31/2015

# Create an IPv4 basic ACL numbered 2001, and configure a rule in the ACL to permit packets only from 192.168.1.2/32 during the time range work.

[AC] acl basic 2001

[AC-acl-ipv4-basic-2001] rule permit source 192.168.1.2 0 time-range work

[AC-acl-ipv4-basic-2001] rule deny source any time-range work

[AC-acl-ipv4-basic-2001] quit

# Apply IPv4 basic ACL 2001 to filter outgoing packets on VLAN-interface 100.

[AC] interface vlan-interface 100

[AC-Vlan-interface100] packet-filter 2001 outbound

[AC-Vlan-interface100] quit

Verifying the configuration

# Display time range configuration and status on the AC.

[AC] display time-range all

Current time is 09:40:55 5/26/2015 Tuesday

 

Time-range : work (Active)

 08:00 to 18:00 working-day

 from 00:00 6/1/2015 to 00:00 1/1/2016

The output shows that the time range work is active.

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网