Configuring Time Range
Overview
Time range is a periodic time period configured on the switch. It’s a fixed time period for each week. For example, from 8:00 to 18:00 from Monday to Friday. The system starts this time at a fixed time of the week. Time ranges are used in ACL rules as a filtering condition to restrict the effective time period of an ACL filtering rule, so as to filter traffic flows within a certain time period. For example, restrict users accessing to a server at a specific time period. The system starts the time at a fixed time of the week according to the system clock after applied the time range to the ACL rules.
Users can use the following two command to configure a pair of starting time and ending time to define a time range.
set firewall time-range <time-range-name> periodic <periodic> <daily | friday | monday | saturday | sunday | thursday | tuesday | wednesday | weekdays | weekend> start <starting-time>
set firewall time-range <time-range-name> periodic <periodic> <daily | friday | monday | saturday | sunday | thursday | tuesday | wednesday | weekdays | weekend> end <ending-time>
The following example configures a time range, which ranges from 8:00 to 18:00 during weekly working hours.
admin@Xorplus# set firewall time-range timerange1234 periodic 400 weekdays start 8:00:00 admin@Xorplus# set firewall time-range timerange1234 periodic 400 weekdays end 18:00:00 admin@Xorplus# commit admin@Xorplus# run show timerange timerange1234 TimeRange: timerange1234 Periodic: 400 Â Â Week: weekdays, start:08:00:00, end:18:00:00
NOTEs:
- A pair of start time and end time forms a time range.
- Currently only one periodic can be configured under a time range. However, multiple time periods can be configured under one periodic. All the time periods under the same time range take effect.
- In the same periodic, you cannot configure daily, weekdays, weekend at the same time.
admin@Xorplus# set firewall time-range time_range3 periodic 1 weekdays start 8:00:00 admin@Xorplus# set firewall time-range time_range3 periodic 1 weekdays end 18:00:00 admin@Xorplus# commit Commit OK. Save done. admin@Xorplus# set firewall time-range time_range3 periodic 1 daily start 1:00:00 admin@Xorplus# set firewall time-range time_range3 periodic 1 daily end 3:00:00 admin@Xorplus# commit 'daily', 'weekdays', 'weekend' should be configured separately in one periodic Commit failed.
Example for Configuring ACL Rule of Time Range
Networking Requirements
Figure 1. Â Example for Configuring ACL Rule of Time Range
As shown in Figure 1, Office PCs access the Internet and the company Server through Switch. To restrict Office PCs to access the company Server only during business hours (08:00-18:00) on weekdays, configure filtering conditions of time range, source address and destination address of a ACL rule to achieve this requirement.
Procedure
The following are the configuration steps on the device Switch.
Step 1Â Â Â Â Configure VLANs and VLAN interfaces.
admin@Switch# set vlans vlan-id 30 admin@Switch# set vlans vlan-id 100 admin@Switch# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 30 admin@Switch# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 100 admin@Switch# set vlans vlan-id 30 l3-interface vlan30 admin@Switch# set vlans vlan-id 100 l3-interface vlan100 admin@Switch# set l3-interface vlan-interface vlan30 address 192.168.3.1 prefix-length 32 admin@Switch# set l3-interface vlan-interface vlan100 address 192.168.100.1 prefix-length 32
 Step 2    Configure time range.
admin@Xorplus# set firewall time-range timerange1234 periodic 400 weekdays start 8:00:00 admin@Xorplus# set firewall time-range timerange1234 periodic 400 weekdays end 18:00:00
 Step 3     Configure ACL rule.
admin@Switch# set firewall filter f1 sequence 1 from destination-address-ipv4 192.168.100.1/32 admin@Switch# set firewall filter f1 sequence 1 from source-address-ipv4 192.168.3.0/24 admin@Switch# set firewall filter f1 sequence 1 from time-range timerange1234 admin@Switch# set firewall filter f1 sequence 1 then action forward
 Step 4    Apply the ACL filter rules to the access port.
admin@Switch# set firewall filter f1 input interface ge-1/1/1
 Step 5    Commit the configurations.
admin@Switch# commit
Verify Configuration
- On Switch, run command run show timerange to view the configuration information about time range.
admin@Switch# run show timerange timerange1234 TimeRange: timerange1234 Periodic: 400 Â Â Week: weekdays, start:08:00:00, end:18:00:00
- On Switch, run command run show filter to view the information about the ACL filter rule.
admin@Switch# run show filter f1 Filter: f1   Description:   Sequence: 1       Description:       match counter: 0 packets       match-condition:           destination-address-ipv4: 192.168.100.1/32           source-address-ipv4:   192.168.3.0/24           time-range:           timerange1234       action: forward       forwarding_class:    Input interface: ge-1/1/1
Copyright © 2024 Pica8 Inc. All Rights Reserved.