A rule based on the time range is included:
rule 10 deny ip source 10.1.1.1 0 time-range time1 //Reject the packets from 10.1.1.1 in the time range time1.
The following information is displayed:
Current time is 14:53:17 8-16-2013 Friday
Time-range: time1 ( Inactive )
from 00:00 2014/1/1 to 23:59 2014/12/31
Total time-range number is 1
The time range time1 starts at 00:00 on January 1, 2014 and ends at 23:59 on December 31, 2014, while the system time is 14:53:17 on August 16, 2013, which is not the actual date (August 16, 2014) and is not within the time range time1. Therefore, the ACL associated with time1 does not take effect, and packets from 10.1.1.1 are not discarded.
Correct the system date and time.
Run the clock datetime command in the user view.
clock datetime 14:53:17 2014-08-16 //Set the date to 2014-08-16.
Configure NTP to enable automatic clock synchronization on the device so that the device can synchronize clock information with a trusted device (which has synchronized clock information with an authoritative clock through the network).
On the trusted device, configure the NTP master clock and clock stratum.
Run the ntp-service refclock-master command in the system view.
ntp-service refclock-master 2 //A small stratum value indicates a high precision.
On the device that needs to synchronize clock information with the trusted device, set the NTP working mode. For details, see Configuring NTP Operating Modes in "NTP Configuration" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Device Management.