- Table of Contents
-
- 16-Security Configuration Guide
- 00-Preface
- 01-ACL configuration
- 02-Time range configuration
- 03-User profile configuration
- 04-Password control configuration
- 05-Public key management
- 06-PKI configuration
- 07-IPsec configuration
- 08-SSH configuration
- 09-SSL configuration
- 10-SSL VPN configuration
- 11-Session management
- 12-Connection limit configuration
- 13-Attack detection and prevention configuration
- 14-IP source guard configuration
- 15-ARP attack protection configuration
- 16-ND attack defense configuration
- 17-ASPF configuration
- 18-Protocol packet rate limit configuration
- 19-Crypto engine configuration
- 20-Object group configuration
- Related Documents
-
Title | Size | Download |
---|---|---|
02-Time range configuration | 148.25 KB |
Contents
Restrictions: Hardware compatibility with time range
Restrictions and guidelines: Time range configuration
Display and maintenance commands for time ranges
Time range configuration examples
Example: Configuring a time range
Configuring time ranges
About time ranges
You can implement a service based on the time of the day by applying a time range to it. A time-based service takes effect only in time periods specified by the time range. For example, you can implement time-based ACL rules by applying a time range to them.
The following basic types of time ranges are available:
· Periodic time range—Recurs periodically on a day or days of the week.
· Absolute time range—Represents only a period of time and does not recur.
The active period of a time range is calculated as follows:
1. Combining all periodic statements.
2. Combining all absolute statements.
3. Taking the intersection of the two statement sets as the active period of the time range.
Restrictions: Hardware compatibility with time range
Hardware series |
Model |
Product code |
Time range compatibility |
WX1800H series |
WX1804H-PWR |
EWP-WX1804H-PWR-CN |
Yes |
WX2500H series |
WX2508H-PWR-LTE WX2510H-PWR WX2510H-F-PWR WX2540H WX2540H-F WX2560H |
EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H |
Yes |
MAK series |
MAK204 MAK206 |
EWP-MAK204 EWP-MAK206 |
Yes |
WX3000H series |
WX3010H WX3010H-X-PWR WX3010H-L-PWR WX3024H WX3024H-L-PWR WX3024H-F |
EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F |
Yes: · WX3010H · WX3010H-X-PWR · WX3024H · WX3024H-F No: · WX3010H-L-PWR · WX3024H-L-PWR |
WX3500H series |
WX3508H WX3508H WX3510H WX3510H WX3520H WX3520H-F WX3540H WX3540H |
EWP-WX3508H EWP-WX3508H-F EWP-WX3510H EWP-WX3510H-F EWP-WX3520H EWP-WX3520H-F EWP-WX3540H EWP-WX3540H-F |
Yes |
WX5500E series |
WX5510E WX5540E |
EWP-WX5510E EWP-WX5540E |
Yes |
WX5500H series |
WX5540H WX5560H WX5580H |
EWP-WX5540H EWP-WX5560H EWP-WX5580H |
Yes |
Access controller modules |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
Yes |
Hardware series |
Model |
Product code |
Time range compatibility |
WX1800H series |
WX1804H-PWR WX1810H-PWR WX1820H WX1840H |
EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL |
Yes |
WX3800H series |
WX3820H WX3840H |
EWP-WX3820H-GL EWP-WX3840H-GL |
Yes |
WX5800H series |
WX5860H |
EWP-WX5860H-GL |
Yes |
Restrictions and guidelines: Time range configuration
When you configure the ACL hardware mode, follow these restrictions and guidelines:
· If a time range does not exist, the service based on the time range does not take effect.
· You can create a maximum of 1024 time ranges, each with a maximum of 32 periodic statements and 12 absolute statements.
Procedure
1. Enter system view.
system-view
2. Create or edit a time range.
time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 }
If an existing time range name is provided, this command adds a statement to the time range.
Display and maintenance commands for time ranges
Execute the display command in any view.
Task |
Command |
Display time range configuration and status. |
display time-range { time-range-name | all } |
Time range configuration examples
Example: Configuring a time range
Network configuration
As shown in Figure 1, configure an ACL on the AC to allow Client 1 to access the server only from 8:00 to 18:00 on working days from June 2015 to the end of the year.
Procedure
# Create a periodic time range from 8:00 to 18:00 on working days from June 2015 to the end of the year.
<AC> system-view
[AC] time-range work 8:0 to 18:0 working-day from 0:0 6/1/2015 to 24:0 12/31/2015
# Create an IPv4 basic ACL numbered 2001, and configure a rule in the ACL to permit packets only from 192.168.1.2/32 during the time range work.
[AC] acl basic 2001
[AC-acl-ipv4-basic-2001] rule permit source 192.168.1.2 0 time-range work
[AC-acl-ipv4-basic-2001] rule deny source any time-range work
[AC-acl-ipv4-basic-2001] quit
# Apply IPv4 basic ACL 2001 to filter outgoing packets on VLAN-interface 100.
[AC] interface vlan-interface 100
[AC-Vlan-interface100] packet-filter 2001 outbound
[AC-Vlan-interface100] quit
Verifying the configuration
# Display time range configuration and status on the AC.
[AC] display time-range all
Current time is 09:40:55 5/26/2015 Tuesday
Time-range : work (Active)
08:00 to 18:00 working-day
from 00:00 6/1/2015 to 00:00 1/1/2016
The output shows that the time range work is active.