Access control configuration example, Network requirements – H3C Technologies H3C MSR 50 User Manual

157

Table 90 Configuration items

Item Description

Begin-End Time

Set the time range of a day for the rule to
take effect. The start time must be earlier
than the end time.

IMPORTANT:

Set both types of time ranges or set neither

of them. To set neither of them, make sure
the Begin-End Time is 00:00 - 00:00 and

no days of a week are selected. Setting

neither of them means it takes effect all the
time.

Week

Select the days of a week for the rule to
take effect.

Protocol

Specify to control accesses based on the protocol used for data transmission.
Three options are available: TCP, UDP, and IP.
For which services use which protocols, see

Table 91

.

Source IP Address

Configure the IP address range of computers. To control a single IP address, enter the
address in the two fields.

Destination Port

Set the port range to be filtered.
For example, to control Telnet access, enter 23 in the two fields.

Operation

Action to be taken for matching packets.
The action is Deny, which means all packets matching the access control policies are
not allowed to pass.

Table 91 Commonly used services and their ports

Service Transport layer protocol

Port number

FTP TCP 21

Telnet TCP 23

TFTP UDP 69

Web TCP 80

Access control configuration example

Network requirements

As shown

Figure 160

, internal users of a company, Host A to Host D, access the Internet through the

router. Configure an access control policy so that:

•

Host A to Host C cannot access the Internet from 09:00 to 18:00 every Monday to Friday. They can
access the Internet at all other times.

•

Host D can access the Internet any time.