No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

S1720, S2700, S5700, and S6720 V200R011C10

This document describes the configurations of Security, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, Port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, MPAC, separating the management plane from the service plane, security risks, PKI.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Creating a Time Range in Which an ACL Takes Effect

(Optional) Creating a Time Range in Which an ACL Takes Effect

Context

By default, an ACL always takes effect after it is applied to a service module. To make ACL rules work only in a certain period, you can define a time range and associate it with the ACL rules. In this way, services can be controlled through a time-based ACL. For example, with a time-based ACL, an enterprise can forbid employees to access the Internet during work hours and limit bandwidth for bandwidth-consuming services such as P2P and downloading services during peak hours to avoid network congestion.

Time ranges associated with ACL rules are classified into:

  • Periodic time range: defines a time range by week. The associated ACL rules take effect at an interval of one week. For example, if the time range of ACL rules is 8:00-12:00 on Monday, the ACL rules take effect at 8:00-12:00 on every Monday.

  • Absolute time range: defines a time range from YYYY/MM/DD hh:mm to YYYY/MM/DD hh:mm. The associated ACL rules take effect only in this period.

NOTE:

If the system time of a device is not synchronized with the network time, the ACL rules cannot take effect in the associated time range. Therefore, configuring the Network Time Protocol (NTP) is recommended on the device to synchronize the system time. NTP ensures clock consistency on all devices on a network. For details on how to configure NTP, see Configuring Basic NTP Functions in "NTP Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Device Management.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run time-range time-name { start-time to end-time { days } &<1-7> | from time1 date1 [ to time2 date2 ] }

    A time range is created.

    By default, no time range is configured on a device.

    You can specify multiple time ranges for the same time range defined by time-name. The device obtains the intersection of the configured periodic or absolute time ranges.

    To delete a time range, see Deleting a time range.

Follow-up Procedure

After a time range is created, you need to create an ACL and configure the ACL rules to be associated with the time range. For the configuration of a basic ACL, see Configuring a Basic ACL.

Configuration Tips

Deleting a time range

Before deleting a time range, you must delete the ACL rules associated with the time range or delete the ACL to which the ACL rules belong.

For example, ACL 2001 contains rule 5 and is associated with time range time1.
#  
time-range time1 from 00:00 2014/1/1 to 23:59 2014/12/31
#                                                                               
acl number 2001                                                                 
 rule 5 permit time-range time1                                                  
#   
Before deleting time1, delete rule 5 or ACL 2001.
  • Delete rule 5, and then time1.

    <HUAWEI> system-view
    [HUAWEI] acl 2001
    [HUAWEI-acl-basic-2001] undo rule 5
    [HUAWEI-acl-basic-2001] quit
    [HUAWEI] undo time-range time1
  • Delete ACL 2001, and then time1.

    <HUAWEI> system-view
    [HUAWEI] undo acl 2001
    [HUAWEI] undo time-range time1
Translation
Download
Updated: 2019-09-23

Document ID: EDOC1000178177

Views: 231686

Downloads: 746

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next