How to configure an ACL time range on a WLAN device

6

If some services or functions need to be started at intervals or a specific period of time, run the time-range command on a WLAN device. When configuring ACL rules, you can use the name of a time range to reference this time range.

You can associate a time range with ACL rules in either of the following ways:

Mode 1 �?Periodic time range: defines a time range by week. The associated ACL rules take effect at an interval of one week. For example, if the time range of ACL rules is 8:00-12:00 on Monday, the ACL rules take effect at 8:00-12:00 on every Monday.

Format: time-range time-name start-time to end-time { days } &<1-7>

Mode 2 �?Absolute time range: defines a time range from YYYY/MM/DD hh:mm to YYYY/MM/DD hh:mm. The associated ACL rules take effect only in this period.

Format: time-range time-name from time1 date1 [ to time2 date2 ]



Create time range working-time (8:00�?8:00 from Monday to Friday) and configure a rule in ACL work-acl. The rule rejects the packets from network segment 192.168.1.0/24 within the period of the working time.

[HUAWEI] time-range working-time 8:00 to 18:00 working-day

[HUAWEI] acl name work-acl basic

[HUAWEI-acl-basic-work-acl] rule deny source 192.168.1.0 0.0.0.255 time-range working-time

Other related questions:
Configure ACL validity time range on S series switch
An S series switch, except S1700, supports two types of validity time of ACL rules: 1. Periodic time range: defines a time range based on weeks. The associated ACL rules take effect at an interval of one week. For example, if the time range of ACL rules is 8:00-12:00 on Monday, the ACL rules take effect at 8:00-12:00 on every Monday. Format: time-range time-name start-time to end-time { days } &<1-7> 2. Absolute time range: defines a time range from YYYY/MM/DD hh:mm to YYYY/MM/DD hh:mm. The associated ACL rules take effect only in this period. Format: time-range time-name from time1 date1 [ to time2 date2 ] Create a time range working-time (8:00-18:00 from Monday to Friday) and configure a rule in ACL work-acl. The rule rejects the packets from network segment 192.168.1.0/24 within the period working-time. [HUAWEI] time-range working-time 8:00 to 18:00 working-day [HUAWEI] acl name work-acl basic [HUAWEI-acl-basic-work-acl] rule deny source 192.168.1.0 0.0.0.255 time-range working-time

How to configure the mask of an ACL on a WLAN device
For WLAN devices, masks (wildcards) must be specified for the source and destination IP addresses in ACL rules. The wildcard is in dotted decimal notation. In a binary wildcard, the value 0 indicates that this bit needs to be matched and the value 1 indicates that this bit does not need to be matched. 0s and 1s in a wildcard can be discontinuous. For example, the IP address 192.168.1.169 and the wildcard 0.0.0.172 represent address 192.168.1.x0x0xx01. x can be 0 or 1.

Methods of configuring the ACL for a WLAN device
ACL is essentially a packet filter whose rules act as the filter core. The device matches packets based on these rules to filter specific packets, and allows the filtered packets to pass or prevent them from passing according to the processing policies of the service module on which the ACL is applied. Currently, the ACLs on WLAN devices are classified into basic ACL (2000-2999), advanced ACL (3000-3999), Layer 2 ACL (4000-4999), user ACL (6000-9999), basic ACL 6 (2000-2999), and advanced ACL 6 (3000-3999). Fat APs do not support basic ACL 6 and advanced ACL 6. For more information about the ACL of Huawei WLAN devices, see: V200R005: ACL Configuration in AC6605&AC6005&ACU2(AC&FITAP) Product Documentation . V200R006: ACL Configuration in AC6605&AC6005&ACU2(AC&FITAP)Product Documentation.

Can ACLs on S series switches restrict time range
ACLs on S series switches can restrict time range. For example, you can use a Layer 2 ACL to restrict the PPPoE dial-up time segment on a switch. Run the time-range command to specify a time range, and reference the time range in a Layer 2 ACL rule.

Can an ACL rule match a time range that does not exist? Does the ACL take effect
When the ACL rule is configured to match time-range time-name, the configuration takes effect regardless of whether the time-range time-name command has been configured. If the ACL rule matches no time-range time-name, the device considers that the ACL rule is invalid and the time-range time-name command is in inactive state. After the time-range time-name command is configured and in active state, the ACL rule automatically updates its status and changes to valid.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top