Filter
Top Products
DES-7200 Configuration Guide Chapter 1 Access Control List
Configuration
1-23
Command Function
DES-7200(config)# ip access-list extended
101
Enter the ACL configuration mode.
DES-7200(config-ext-nacl)# permit ip any any
time-range time-range-name
Configure the ACE of a time-range.
Note
The length of the name should be 1-32 characters, which should not
include any space.
You can set one absolute time range at most. The application based
on time-ranges will be valid only in this time range.
You can set one or more periodic intervals. If you have already set a
running time range for the time-range, the application takes effect at
periodic intervals in that time range.
The following example shows how to deny HTTP data streams during the working
hours in a week by using the ACLs as example:
DES-7200(config)# time-range no-http
DES-7200(config-time-range)# periodic weekdays 8:00 to 18:00
DES-7200(config)# end
DES-7200(config)# ip access-list extended limit-udp
DES-7200(config-ext-nacl)# deny tcp any any eq www time-range no-http
DES-7200(config-ext-nacl)# exit
DES-7200(config)# interface gigabitEthernet 0/1
DES-7200(config-if)# ip access-group no-http in
DES-7200(config)# end
Example of displaying time range:
DES-7200# show time-range
time-range entry: no-http(inactive)
periodic Weekdays 8:00 to 18:00
time-range entry: no-udp
periodic Tuesday 15:30 to 16:30
1.10 Configuring Security
Tunnel
Applying a secure ACL globally means that the ACL is a security tunnel. A general ACL
is installed on a port or port map; a security tunnel is installed on an interface or
globally. The difference between them arises in priority. The security tunnel takes
precedence over port security (that is the IP binding under port security), 802.1x and
secure ACL. The global security tunnel takes effect for all ports, unless you set a port
as an exception port.