< Home

(Optional) Creating a Time Range in Which an ACL Takes Effect

Context

By default, an ACL is always effective after it is applied to a service module. To make the ACL rules work only in a certain period, you can define a time range and associate it with the ACL rules. In this way, services can be controlled through a time-based ACL. For example, by configuring ACLs with specified time ranges, an enterprise can forbid employees to access the Internet during work hours and limit bandwidth for bandwidth-consuming services such as P2P and downloading services during peak hours to avoid network congestion.

Time ranges associated with ACL rules are classified into:

  • Periodic time range: defined by week. That is, ACL rules can take effect at an interval of one week. For example, if the time range of ACL rules is 8:00-12:00 on Monday, the ACL rules take effect at 8:00-12:00 on every Monday.

  • Absolute time range: defined by a period of time, in the format of from YYYY/MM/DD HH:MM to YYYY/MM/DD HH:MM. That is, ACL rules take effect only during this period.

If the system time of a device is not synchronized with the network time, the ACL rules cannot take effect in the associated time range. To make ACL rules take effect on a device, configure the Network Time Protocol (NTP) on the device to automatically synchronize the system time with the network time. NTP ensures clock consistency on all devices on a network. For details on how to configure NTP, see Configuring Basic NTP Functions in "NTP Configuration" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Device Management.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run time-range time-name { start-time to end-time { days } &<1-7> | from time1 date1 [ to time2 date2 ] }

    A time range is created.

    By default, no time range is configured on a device.

    You can specify multiple time ranges for time-name. The device obtains the intersection of the configured periodic or absolute time ranges.

    To delete a time range, see Deleting a Time Range.

Follow-up Procedure

After a time range is created, you need to create an ACL and configure the ACL rules to be associated with the time range. For the configuration of an ACL, see Configuring an ACL.

Configuration Examples

Deleting a time range

Before deleting a time range, you must delete the ACL rules associated with the time range or delete the ACL to which the ACL rules belong.

For example, ACL 2001 contains rule 5 and is associated with time range time1.
#  
time-range time1 from 00:00 2014/1/1 to 23:59 2014/12/31
#                                                                               
acl number 2001                                                                 
 rule 5 permit time-range time1                                                  
#
Before deleting time1, delete rule 5 or ACL 2001.

  • Delete rule 5 and then time1.

    <HUAWEI> system-view
[HUAWEI] acl 2001
[HUAWEI-acl-basic-2001] undo rule 5
[HUAWEI-acl-basic-2001] quit
[HUAWEI] undo time-range time1

  • Delete ACL 2001 and then time1.

    <HUAWEI> system-view
[HUAWEI] undo acl 2001
[HUAWEI] undo time-range time1
Parent Topic: ACL Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >