Certain divisions of the company tend to shoot themselves in the foot by kicking off large file transfers during business hours, so I had a thought that maybe we could use time-based ACLs to do some QoSing for those guys. I fired up GNS3 with a 3600 running 12.4(25b) with some virtual PCs on its Ethernet interfaces.
```
time-range BUSINESSHOURS
 periodic daily 8:00 to 17:00
!
ip access-list extended PINGS
 permit icmp any any time-range BUSINESSHOURS
!
class-map match-all PINGS
 match access-group name PINGS
!
policy-map PM-F0/0-OUT
 class PINGS
```
First, I set the router’s time to outside of the time range and sent some pings over.
```
R1#sh clock
00:01:13.107 UTC Wed Apr 28 2010
R1#sh access-lists
Extended IP access list PINGS
    10 permit icmp any any time-range BUSINESSHOURS (inactive)
R1#sh policy-map int f0/0
 FastEthernet0/0

  Service-policy output: PM-F0/0-OUT

    Class-map: PINGS (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps
      Match: access-group name PINGS

    Class-map: class-default (match-any)
      11 packets, 1140 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
```
Alright, that’s expected. Now let’s set the clock to within the time range and repeat.
```
R1#sh clock
13:00:12.887 UTC Wed Apr 28 2010
R1#sh access-lists
Extended IP access list PINGS
    10 permit icmp any any time-range BUSINESSHOURS (active) (10 matches)
R1#sh policy-map int f0/0
 FastEthernet0/0

  Service-policy output: PM-F0/0-OUT

    Class-map: PINGS (match-all)
      10 packets, 980 bytes
      5 minute offered rate 0 bps
      Match: access-group name PINGS

    Class-map: class-default (match-any)
      20 packets, 1970 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
```
How about that? Time-based ACLs seem to work with policy-maps. I didn’t know that.
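The same pattern applied to the file-transfer case from the opening paragraph, as an added example that is not part of the original post or lab. The choice of FTP data as the bulk traffic, the BULK-TRANSFERS name, the 1 Mbps policer and the weekdays-only schedule are assumptions for illustration.

```cisco
! Added example: names, protocol and rate below are assumptions.
time-range BUSINESSHOURS
 periodic weekdays 8:00 to 17:00
!
! Match FTP data in either direction, but only while the time-range is active.
ip access-list extended BULK-TRANSFERS
 permit tcp any any eq ftp-data time-range BUSINESSHOURS
 permit tcp any eq ftp-data any time-range BUSINESSHOURS
!
class-map match-all BULK-TRANSFERS
 match access-group name BULK-TRANSFERS
!
! Unlike the lab policy-map, this class carries an action:
! police matched traffic to 1 Mbps and drop the excess.
policy-map PM-F0/0-OUT
 class BULK-TRANSFERS
  police 1000000 conform-action transmit exceed-action drop
!
interface FastEthernet0/0
 service-policy output PM-F0/0-OUT
```

Outside the time range the ACL entries show as inactive and the traffic falls into class-default, unpoliced, as in the first test above. The match depends entirely on the router's clock, so keep it synchronized and confirm it with `sh clock` before relying on the policy.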