Login
- Table of Contents
-
- 13-Security Configuration Guide
- 00-Preface
- 01-ACL configuration
- 02-Time range configuration
- 03-User profile configuration
- 04-Public key management
- 05-PKI configuration
- 06-IPsec configuration
- 07-SSH configuration
- 08-Attack detection and prevention configuration
- 09-ARP attack protection configuration
- 10-ND attack defense configuration
- 11-Crypto engine configuration
- 12-Password control configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 02-Time range configuration | 139.37 KB |
Contents
Restrictions and guidelines: Time range configuration
Display and maintenance commands for time ranges
Time range configuration examples
Example: Configuring a time range
1 Configuring time ranges
About time ranges
You can implement a service based on the time of the day by applying a time range to it. A time-based service takes effect only in time periods specified by the time range. For example, you can implement time-based ACL rules by applying a time range to them.
The following basic types of time ranges are available:
· Periodic time range—Recurs periodically on a day or days of the week.
· Absolute time range—Represents only a period of time and does not recur.
The active period of a time range is calculated as follows:
1. Combining all periodic statements.
2. Combining all absolute statements.
3. Taking the intersection of the two statement sets as the active period of the time range.
Restrictions and guidelines: Time range configuration
When you configure the ACL hardware mode, follow these restrictions and guidelines:
· If a time range does not exist, the service based on the time range does not take effect.
· You can create a maximum of 1024 time ranges, each with a maximum of 32 periodic statements and 12 absolute statements.
Procedure
1. Enter system view.
system-view
2. Create or edit a time range.
time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 }
If an existing time range name is provided, this command adds a statement to the time range.
Display and maintenance commands for time ranges
Execute the display command in any view.
|
Task |
Command |
|
Display time range configuration and status. |
display time-range { time-range-name | all } |
Time range configuration examples
Example: Configuring a time range
Network configuration
As shown in Figure1-1, configure an ACL on the AC to allow Client 1 to access the server only from 8:00 to 18:00 on working days from June 2015 to the end of the year.
Procedure
# Create a periodic time range from 8:00 to 18:00 on working days from June 2015 to the end of the year.
<AC> system-view
[AC] time-range work 8:0 to 18:0 working-day from 0:0 6/1/2015 to 24:0 12/31/2015
# Create an IPv4 basic ACL numbered 2001, and configure a rule in the ACL to permit packets only from 192.168.1.2/32 during the time range work.
[AC] acl basic 2001
[AC-acl-ipv4-basic-2001] rule permit source 192.168.1.2 0 time-range work
[AC-acl-ipv4-basic-2001] rule deny source any time-range work
[AC-acl-ipv4-basic-2001] quit
# Apply IPv4 basic ACL 2001 to filter outgoing packets on VLAN-interface 100.
[AC] interface vlan-interface 100
[AC-Vlan-interface100] packet-filter 2001 outbound
[AC-Vlan-interface100] quit
Verifying the configuration
# Display time range configuration and status on the AC.
[AC] display time-range all
Current time is 09:40:55 5/26/2015 Tuesday
Time-range : work (Active)
08:00 to 18:00 working-day
from 00:00 6/1/2015 to 00:00 1/1/2016
The output shows that the time range work is active.
