Configuring Time Range


Overview

Time range is a periodic time period configured on the switch. It’s a fixed time period for each week. For example, from 8:00 to 18:00 from Monday to Friday. The system starts this time at a fixed time of the week. Time ranges are used in ACL rules as a filtering condition to restrict the effective time period of an ACL filtering rule, so as to filter traffic flows within a certain time period. For example, restrict users accessing to a server at a specific time period. The system starts the time at a fixed time of the week according to the system clock after applied the time range to the ACL rules.

Users can use the following two command to configure a pair of starting time and ending time to define a time range.

set firewall time-range <time-range-name> periodic <periodic> <daily | friday | monday | saturday | sunday | thursday | tuesday | wednesday | weekdays | weekend> start <starting-time>

set firewall time-range <time-range-name> periodic <periodic> <daily | friday | monday | saturday | sunday | thursday | tuesday | wednesday | weekdays | weekend> end <ending-time>

The following example configures a time range, which ranges from 8:00 to 18:00 during weekly working hours.

admin@Xorplus# set firewall time-range timerange1234 periodic 400 weekdays start 8:00:00
admin@Xorplus# set firewall time-range timerange1234 periodic 400 weekdays end 18:00:00
admin@Xorplus# commit
admin@Xorplus# run show timerange timerange1234
TimeRange: timerange1234
Periodic: 400
    Week: weekdays, start:08:00:00, end:18:00:00

NOTEs:

  • A pair of start time and end time forms a time range.
  • Currently only one periodic can be configured under a time range. However, multiple time periods can be configured under one periodic. All the time periods under the same time range take effect.
  • In the same periodic, you cannot configure daily, weekdays, weekend at the same time.
admin@Xorplus# set firewall time-range time_range3 periodic 1 weekdays start 8:00:00
admin@Xorplus# set firewall time-range time_range3 periodic 1 weekdays end 18:00:00
admin@Xorplus# commit
Commit OK.
Save done.
admin@Xorplus# set firewall time-range time_range3 periodic 1 daily start 1:00:00
admin@Xorplus# set firewall time-range time_range3 periodic 1 daily end 3:00:00
admin@Xorplus# commit
Commit OK.

Example for Configuring ACL Rule of Time Range

Networking Requirements

Figure 1.  Example for Configuring ACL Rule of Time Range

As shown in Figure 1, Office PCs access the Internet and the company Server through Switch. To restrict Office PCs to access the company Server only during business hours (08:00-18:00) on weekdays, configure filtering conditions of time range, source address and destination address of a ACL rule to achieve this requirement.

Procedure

The following are the configuration steps on the device Switch.

Step 1        Configure VLANs and VLAN interfaces.

admin@Switch# set vlans vlan-id 30
admin@Switch# set vlans vlan-id 100
admin@Switch# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 30
admin@Switch# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 100
admin@Switch# set vlans vlan-id 30 l3-interface vlan30
admin@Switch# set vlans vlan-id 100 l3-interface vlan100
admin@Switch# set l3-interface vlan-interface vlan30 address 192.168.3.1 prefix-length 32
admin@Switch# set l3-interface vlan-interface vlan100 address 192.168.100.1 prefix-length 32

 Step 2        Configure time range.

admin@Xorplus# set firewall time-range timerange1234 periodic 400 weekdays start 8:00:00
admin@Xorplus# set firewall time-range timerange1234 periodic 400 weekdays end 18:00:00

 Step 3        Configure ACL rule.

admin@Switch# set firewall filter f1 sequence 1 from destination-address-ipv4 192.168.100.1/32
admin@Switch# set firewall filter f1 sequence 1 from source-address-ipv4 192.168.3.0/24
admin@Switch# set firewall filter f1 sequence 1 from time-range timerange1234
admin@Switch# set firewall filter f1 sequence 1 then action forward

 Step 4        Apply the ACL filter rules to the access port.

admin@Switch# set firewall filter f1 input interface ge-1/1/1

 Step 5        Commit the configurations.

admin@Switch# commit

Verify Configuration

  • On Switch, run command run show timerange to view the configuration information about time range.
admin@Switch# run show timerange timerange1234
TimeRange: timerange1234
Periodic: 400
    Week: weekdays, start:08:00:00, end:18:00:00
  • On Switch, run command run show filter to view the information about the ACL filter rule.
admin@Switch# run show filter f1
Filter: f1
    Description:
    Sequence: 1
        Description:
        match counter:  0 packets
        match-condition:
            destination-address-ipv4: 192.168.100.1/32
            source-address-ipv4:    192.168.3.0/24
            time-range:            timerange1234
        action: forward
        forwarding_class:
    Input interface: ge-1/1/1



Copyright © 2024 Pica8 Inc. All Rights Reserved.