No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

S1720, S2700, S5700, and S6720 V200R011C10

This document describes the configurations of Security, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, Port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, MPAC, separating the management plane from the service plane, security risks, PKI.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Time Range

Time Range

Background

An ACL contains various matching conditions to filter most packets. However, networks continue to evolve and requirements change. For example, an enterprise allows employees to access only the specified websites during work hours, and to access other websites in off-hours and weekends. Here is another example. The P2P and downloading services affect other data services during the peak hours of 20:00-22:00. Therefore, the network administrator is required to lower the bandwidth for the P2P and downloading services in this period.

Time-based ACL can meet the preceding requirements. The network administrators can create one or multiple time ranges according to users' network access behaviors and network congestion condition, and associate the time ranges with ACL rules. In this way, administrators can configure different policies in different time ranges to optimize networks.

Time Range Mode

You can associate a time range with ACL rules in either of the following ways:

  • Mode 1 - Periodic time range: defines a time range based on weeks. The associated ACL rules take effect at an interval of one week. For example, if the time range of ACL rules is 8:00-12:00 on Monday, the ACL rules take effect at 8:00-12:00 on every Monday.

    Format: time-range time-name start-time to end-time { days } &<1-7>
    • time-name: indicates the name of a time range. It is a string starting with a letter.

    • start-time to end-time: indicates the start and end time of the time range. The format is [hour:minute] to [hour:minute].

    • days: includes the following values:
      • One of Mon, Tue, Wed, Thu, Fri, Sat, and Sun or a combination of them. The value can also be numeric. For example, 0 indicates Sunday, 1 indicates Monday..., and 6 indicates Saturday.
      • working-day: from Monday to Friday.
      • daily: from Monday to Sunday.
      • off-day: Saturday and Sunday.
  • Mode 2 - Absolute time range: defines a time range from YYYY/MM/DD hh:mm to YYYY/MM/DD hh:mm. The associated ACL rules take effect only in this period.

    Format: time-range time-name from time1 date1 [ to time2 date2 ]
    • time-name: indicates the name of a time range. It is a string starting with a letter.

    • time1/time2: The format is [hour:minute].
    • date1/date2: The format is [YYYY/MM/DD], indicating year/month/date.

You can specify multiple time ranges in the same time-name parameter. The device obtains the intersection of the configured periodic or absolute time ranges.

For example, ACL 2001 is associated with time range test, which contains three sub-ranges:
#  
time-range test 8:00 to 18:00 working-day 
time-range test 14:00 to 18:00 off-day 
time-range test from 00:00 2014/01/01 to 23:59 2014/12/31 
#  
acl number 2001                                                                 
 rule 5 permit time-range test 
  • Sub-range 1: 8:00-18:00 from Monday to Friday (periodic time range)
  • Sub-range 2: 14:00-18:00 on Saturday and Sunday (periodic time range)
  • Sub-range 3: from 2014-1-1 00:00 to 2014-12-31 23:59 (absolute time range)

The time range test is: 8:00-18:00 on Monday to Friday and 14:00-18:00 every Saturday and Sunday in 2014.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178177

Views: 235144

Downloads: 758

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next