Method used to restrict users to access the Internet within a specified period of time for the USG2000 and USG5000

In the NAT policy, run the policy time-range time-name command and configure the policy validity period. In this way, users can only access the Internet within the specified period of time.

Other related questions:
Configuring Internet access only within a specified period of time on the USG6000
Configure a time-based security policy.

How to restrict the period during which users access the Internet
You can define ACL rules with a time range specified. For example, to limit users' access to 2.2.2.0/24 from 00:00 to 08:00, perform the following configuration:

    <Huawei> system-view
    [Huawei] time-range wb 00:00 to 08:00 daily
    [Huawei] acl number 3000
    [Huawei-acl-adv-3000] rule deny ip destination 2.2.2.0 0.0.0.255 time-range wb
    [Huawei-acl-adv-3000] rule permit ip

For details on how to configure traffic classifiers, behaviors (action is set to permit), and traffic policies, see MQC Configuration in AR QoS Configuration Guide.

Whether the USG2000 and USG5000 can restrict that only certain IP addresses on the intranet can access the Internet
On the web UI, choose Policy > Security Policy > Policy Matching Analysis to check the policy matching information.

Configure ACL validity time range on S series switch
An S series switch, except the S1700, supports two types of validity time range for ACL rules:

1. Periodic time range: defines a time range based on weeks. The associated ACL rules take effect at an interval of one week. For example, if the time range of ACL rules is 8:00-12:00 on Monday, the ACL rules take effect at 8:00-12:00 on every Monday.
   Format: time-range time-name start-time to end-time { days } &<1-7>
2. Absolute time range: defines a time range from YYYY/MM/DD hh:mm to YYYY/MM/DD hh:mm. The associated ACL rules take effect only in this period.
   Format: time-range time-name from time1 date1 [ to time2 date2 ]

Example: create a time range working-time (8:00-18:00 from Monday to Friday) and configure a rule in ACL work-acl. The rule rejects packets from network segment 192.168.1.0/24 within the period working-time.

    [HUAWEI] time-range working-time 8:00 to 18:00 working-day
    [HUAWEI] acl name work-acl basic
    [HUAWEI-acl-basic-work-acl] rule deny source 192.168.1.0 0.0.0.255 time-range working-time
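The two ACL examples above (ACL 3000 with time range wb, and work-acl with working-time) can be checked offline with the following Python model, which is an added example and not Huawei code. It assumes first-match evaluation in rule order, inclusive start and end minutes, contiguous wildcard masks, and a caller-chosen default action for packets that match no rule; the sample packet and timestamps are constructed.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Day keywords that appear on this page; datetime.weekday(): Monday = 0.
DAYS = {"daily": set(range(7)), "working-day": set(range(5))}

# Periodic time ranges copied from the two examples: name -> (start, end, days).
TIME_RANGES = {
    "wb": ("00:00", "08:00", "daily"),
    "working-time": ("8:00", "18:00", "working-day"),
}

def wildcard_net(addr, wildcard):
    """Turn an address plus contiguous wildcard mask into a network object."""
    mask = ".".join(str(255 - int(octet)) for octet in wildcard.split("."))
    return ip_network(f"{addr}/{mask}")

# Rules as (action, packet field, network or None for any, time range or None).
ACL_3000 = [
    ("deny", "dst", wildcard_net("2.2.2.0", "0.0.0.255"), "wb"),
    ("permit", "dst", None, None),
]
WORK_ACL = [("deny", "src", wildcard_net("192.168.1.0", "0.0.0.255"), "working-time")]

def active(name, now):
    """True if the named periodic range covers 'now'.
    Assumption: start and end minutes are both inclusive."""
    start, end, days = TIME_RANGES[name]
    s, e = (datetime.strptime(x, "%H:%M").time() for x in (start, end))
    t = now.time().replace(second=0, microsecond=0)
    return now.weekday() in DAYS[days] and s <= t <= e

def evaluate(rules, pkt, now, default="permit"):
    """First matching rule wins; a rule whose time range is inactive is skipped.
    Assumption: 'default' stands in for whatever the feature that applies
    the ACL does with packets that match no rule."""
    for action, field, net, tr in rules:
        if tr is not None and not active(tr, now):
            continue
        if net is None or ip_address(pkt[field]) in net:
            return action
    return default

if __name__ == "__main__":
    pkt = {"src": "192.168.1.10", "dst": "2.2.2.5"}  # constructed sample packet
    for stamp in ("2024-01-10 07:30", "2024-01-10 09:00", "2024-01-13 09:00"):
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        print(stamp, evaluate(ACL_3000, pkt, now), evaluate(WORK_ACL, pkt, now))
```

Outside its time range a deny rule is simply skipped, so the result falls through to the next rule or to the default action. The outcome follows the device clock, so the restriction is only as reliable as the time source the device uses.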

Method used to view an online L2TP user on the USG2000 and USG5000
The method used to view an online L2TP user on the USG2000 and USG5000 is as follows:

You can run the display access-user command to view an online user.

    HRP_M[Slave-aaa] display access-user
    Total users : 1
    Wait authen-ack : 0
    Authentication success : 1
    Accounting ready : 1
    Accounting state : 0
    Wait leaving-flow-query : 0
    Wait accounting-start : 0
    Wait accounting-stop : 0
    Wait authorization-client : 0
    Wait authorization-server : 0
    Domain-name Online-user
    default : 1
    The used CID table are : 0

To view specific user information, run the display access-user [ domain domain-name | ip-address ip-address | mac-address mac-address | user-id user-id | user-name user-name] command:

    HRP_M[Slave-aaa] display access-user user-id 0
    User access index : 0
    State : Used
    User name : jtq
    User access VLAN/PVC : 0
    User MAC : ffff-ffff-ffff
    User IP address : 1.1.1.2
    User access type : PPP
    User authentication type : PPP authentication
    Current authen method : Local authentication
    Authen result : Success
    Current author method : Local authorization
    Author result : Success
    Action flag : Idle
    Authen state : Authed
    Author state : Idle
    Accounting method : No accounting
    Accounting start time : 2008-03-15 06:09:39
    Accounting state : Ready
    ACL-number : 255
    Priority : -
    Up CAR enable : NO
    Up average rate : 0(bps)
    Up peak rate : 0(bps)
    Down CAR enable : NO
    Down average rate : 0(bps)
    Down peak rate : 0(bps)
    Up packets number(high,low) : (0,771)
    Up bytes number(high,low) : (0,42360)
    Down packets number(high,low) : (0,761)
    Down bytes number(high,low) : (0,42616)
