No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Time Range-based ACL Does Not Take Effect Due to Incorrect System Time

Time Range-based ACL Does Not Take Effect Due to Incorrect System Time

Fault Description

The system time on the device is incorrect, so the time range-based ACL does not take effect.

Procedure

  1. Run the display acl command in the system view to check ACL rules.

    A rule based on time range is included:

    rule 10 deny ip source 10.1.1.1 0 time-range time1 //Reject the packets from 10.1.1.1 in the time range time1.

  2. Run the display time-range { all | time-name } command in the system view to check the configuration of time range time1.

    The following information is displayed:

    Current time is 14:53:17 8-16-2013 Friday                                       
                                                                                    
    Time-range: time1 ( Inactive )                                                  
    from 00:00 2014/1/1 to 23:59 2014/12/31                                         
    Total time-range number is 1 

    The time range time1 starts at 00:00 on January 1, 2014 and ends at 23:59 on December 31, 2014, while the system time is 14:53:17 on August 16, 2013. The actual date is August 16, 2014. The system time on the device is not within the time range time1. Therefore, the ACL associating with time1 does not take effect, and packets from 10.1.1.1 are not discarded.

  3. Change the system date and time.

    • Correct the system date and time.

      Run the clock datetime command in the user view.

      clock datetime 14:53:17 2014-08-16 //Set the date to 2014-08-16.
    • Configure NTP to enable automatic clock synchronization on the device so that the device can synchronize clock with a trusted device (which has been synchronized clock with an authoritative clock through network).

      1. On the trusted device, configure the NTP master clock and clock stratum.

        Run the ntp-service refclock-master command in the system view.

        ntp-service refclock-master 2 //A small stratum value indicates a high precision.
      2. On the device that needs to synchronize clock with the trusted device, set the NTP working mode. For details, see Configuring NTP Operating Modes.

Translation
Download
Updated: 2019-05-20

Document ID: EDOC1100034236

Views: 95947

Downloads: 58

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next