How do I restrict the period during which users can access specific networks

10

You can define access control lists (ACLs) with time ranges. For example, under the following configuration, users cannot access 2.2.2.0/24 from 00:00 to 08:00 daily.

[Huawei] time-range wb 00:00 to 08:00 daily
[Huawei] acl number 3000
[Huawei-acl-adv-3000] rule deny ip destination 2.2.2.0 0.0.0.255 time-range wb
[Huawei-acl-adv-3000] rule permit ip

Other related questions:
How to restrict the period during which users access the Internet
You can define ACL rules with the time range specified. For example, to limit users' access to 2.2.2.0/24 from 00:00 to 08:00, perform the following configurations: system-view [Huawei] time-range wb 00:00 to 08:00 daily [Huawei] acl number 3000 [Huawei-acl-adv-3000] rule deny ip destination 2.2.2.0 0.0.0.255 time-range wb [Huawei-acl-adv-3000] rule permit ip For details on how to configure a traffic classifiers, behaviors (action is set to permit), and traffic policies, see MQC Configuration in AR QoS Configuration Guide.

How to configure an ACL time range on a WLAN device
If some services or functions need to be started at intervals or a specific period of time, run the time-range command on a WLAN device. When configuring ACL rules, you can use the name of a time range to reference this time range. You can associate a time range with ACL rules in either of the following ways: Mode 1 �?Periodic time range: defines a time range by week. The associated ACL rules take effect at an interval of one week. For example, if the time range of ACL rules is 8:00-12:00 on Monday, the ACL rules take effect at 8:00-12:00 on every Monday. Format: time-range time-name start-time to end-time { days } &<1-7> Mode 2 �?Absolute time range: defines a time range from YYYY/MM/DD hh:mm to YYYY/MM/DD hh:mm. The associated ACL rules take effect only in this period. Format: time-range time-name from time1 date1 [ to time2 date2 ] Create time range working-time (8:00�?8:00 from Monday to Friday) and configure a rule in ACL work-acl. The rule rejects the packets from network segment 192.168.1.0/24 within the period of the working time. [HUAWEI] time-range working-time 8:00 to 18:00 working-day [HUAWEI] acl name work-acl basic [HUAWEI-acl-basic-work-acl] rule deny source 192.168.1.0 0.0.0.255 time-range working-time

Configure ACL validity time range on S series switch
An S series switch, except S1700, supports two types of validity time of ACL rules: 1. Periodic time range: defines a time range based on weeks. The associated ACL rules take effect at an interval of one week. For example, if the time range of ACL rules is 8:00-12:00 on Monday, the ACL rules take effect at 8:00-12:00 on every Monday. Format: time-range time-name start-time to end-time { days } &<1-7> 2. Absolute time range: defines a time range from YYYY/MM/DD hh:mm to YYYY/MM/DD hh:mm. The associated ACL rules take effect only in this period. Format: time-range time-name from time1 date1 [ to time2 date2 ] Create a time range working-time (8:00-18:00 from Monday to Friday) and configure a rule in ACL work-acl. The rule rejects the packets from network segment 192.168.1.0/24 within the period working-time. [HUAWEI] time-range working-time 8:00 to 18:00 working-day [HUAWEI] acl name work-acl basic [HUAWEI-acl-basic-work-acl] rule deny source 192.168.1.0 0.0.0.255 time-range working-time

How to prevent users from logging in to S series switches in any way except Telnet
S series switches (except S1700 switches) support multiple user access types. A user can log in to a switch only when the user access type is the same as the access type configured for the user on the switch. If you want to restrict the user access type to Telnet, run the local-user user-name service-type telnet command in the AAA view to set the access type to Telnet. By default, a local user cannot use any access type.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top