Access control configuration example, Network requirements – H3C Technologies H3C MSR 50 User Manual
Page 178
157
Table 90 Configuration items
Item Description
Begin-End Time
Set the time range of a day for the rule to
take effect. The start time must be earlier
than the end time.
IMPORTANT:
Set both types of time ranges or set neither
of them. To set neither of them, make sure
the Begin-End Time is 00:00 - 00:00 and
no days of a week are selected. Setting
neither of them means it takes effect all the
time.
Week
Select the days of a week for the rule to
take effect.
Protocol
Specify to control accesses based on the protocol used for data transmission.
Three options are available: TCP, UDP, and IP.
For which services use which protocols, see
.
Source IP Address
Configure the IP address range of computers. To control a single IP address, enter the
address in the two fields.
Destination Port
Set the port range to be filtered.
For example, to control Telnet access, enter 23 in the two fields.
Operation
Action to be taken for matching packets.
The action is Deny, which means all packets matching the access control policies are
not allowed to pass.
Table 91 Commonly used services and their ports
Service Transport layer protocol
Port number
FTP TCP 21
Telnet TCP 23
TFTP UDP 69
Web TCP 80
Access control configuration example
Network requirements
As shown
, internal users of a company, Host A to Host D, access the Internet through the
router. Configure an access control policy so that:
•
Host A to Host C cannot access the Internet from 09:00 to 18:00 every Monday to Friday. They can
access the Internet at all other times.
•
Host D can access the Internet any time.