beautypg.com

H3C Technologies H3C Intelligent Management Center User Manual

Page 850

background image

836

8.

If you want to apply a time range to the rule set, click the checkbox to the left of Configure ACL

Rules with Time Range.

9.

Click Next.

10.

Do one of the following:

{

If you checked the box to Configure ACL Rules with Time Range, click Add under Configure
Time Range to add a time range to this rule set.

{

If you do not want to add a time range, skip to Step 14.

11.

Enter a name for the time range in the Name field of the Add Time Range page.
Time Range names must begin with a letter [A-Z] and consist of 1-32 characters. Blank spaces [ ]
and question marks [?] are not permitted. Uppercase letters may be converted to lowercase letters
by some devices after deployment.

12.

Click Add to enter a time range.
The Add Time Range dialog box appears.

13.

Select the type of time range you want to create by clicking the radio button to the left of the

desired time range type:

{

Fixed if you want to identify a specific and finite start and end date and time.

{

Cyclic if you want the time range to recur for selected days of the week.

See "

Configuring fixed time ranges

" to configure fixed time ranges and "

Configuring cyclic time

ranges

" to configure cyclic time ranges.

14.

Click Add on the Configure Rule page to configure a new rule.
The Add Rule page appears.

15.

Select the action you want to take by clicking the radio button to the left of the option you want
to apply to this rule:

{

Select permit if, upon matching the specified conditions, the packet should be forwarded.

{

Select deny if, upon matching the specified conditions, the packet should be discarded.

16.

Select the time range you want to apply to this rule from the Time Range list you created in the Step
10.

17.

Select the source IP address option you want to use by clicking the radio button to the left of the
desired option in the Source Address field of the Add Rule page.
This option specifies where the pattern matching occurs in this rule. In this case, the pattern
matching applies to the source IP address.

All: Allows you to permit or deny traffic for all IP addresses.

IP Address/Mask: Allows you to enter a specific IP address and its subnet mask for which you want
to either permit or deny traffic for.
Enter an IP address/subnet mask combination in the IP Address/Mask field. The subnet mask must
be entered in dotted decimal notation. A valid IP address/subnet mask using dotted decimal

notation would be

192.168.1.0/255.255.255.0

A forward slash "/" must be used to separate the IP address from the subnet mask.

18.

Do one of the following:

{

Click the radio button to the left of Yes in the Fragment option if you want to apply the rule

to each fragment, or