I asked this question a while back, and have since discovered the "time-range" command in the ASA 5510. This works as expected.

Is it possible to set up 2 sets of access-list rules that take effect at different times of day?

For example, right now I have:

access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay 
access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay 
policy-map WirelessLimit
 class Wireless-AL
  police input 1000000 187500
  police output 1000000 187500

Can I add to that and set this up:

access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay 
access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay     
access-list WirelessNight-AL extended permit ip object-group Wireless any time-range NightTime 
access-list WirelessNight-AL extended permit ip any object-group Wireless time-range NightTime 
policy-map WirelessLimit
 class Wireless-AL
  police input 1000000 187500
  police output 1000000 187500
 class WirelessNight-AL
  police input 3000000 562500
  police output 3000000 562500

Basically, my goal is to heavily limit the Wireless bandwidth during the work day, but raise it at night and on weekends. I don't want to just turn off the service policy entirely at night because there are still many wired users during these times. Is this possible? Can I put 2 classes in the same policy-map if they use different access-lists? Even though the lists contain identical object-groups?

Thanks.

minamhere

1 Answer

It took some trial and error, but I found out how to make this work. I had to create a new class-map for the new access-lists, but once I did that, everything seemed to work fine.

Here are the relevant portions of the final config, for reference:

time-range Night_Weekend
 periodic weekdays 0:00 to 6:59
 periodic weekend 0:00 to 23:59
 periodic weekdays 19:00 to 23:59
!
time-range SchoolDay
 periodic weekdays 7:00 to 18:59

access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay
access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay

access-list WirelessNight-AL extended permit ip object-group Wireless any time-range Night_Weekend
access-list WirelessNight-AL extended permit ip any object-group Wireless time-range Night_Weekend

class-map Wireless-AL
 description Student's wireless network traffic
 match access-list Wireless-AL
class-map WirelessNight-AL
 description Student's wireless network traffic for Nights_Weekends
 match access-list WirelessNight-AL

policy-map WirelessLimit
 class Wireless-AL
  police input 1000000 187500
  police output 1000000 187500
 class WirelessNight-AL
  police input 3000000 562500
  police output 3000000 562500
minamhere
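A time-based ACE is inactive outside its time-range, so any minute of the week covered by neither SchoolDay nor Night_Weekend matches no class in WirelessLimit and is not policed, while an overlap leaves two classes eligible at once. The following check is an added example, not part of the original post: it parses the time-range blocks from the answer and reports gaps and overlaps per minute of the week. The function names are hypothetical, only the day-keyword form of `periodic` is handled, and the end time is assumed to include its whole minute.

```python
import re

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]
GROUPS = {"daily": range(7), "weekdays": range(0, 5), "weekend": range(5, 7)}

# Time-range definitions copied from the answer's config.
CONFIG = """\
time-range Night_Weekend
 periodic weekdays 0:00 to 6:59
 periodic weekend 0:00 to 23:59
 periodic weekdays 19:00 to 23:59
!
time-range SchoolDay
 periodic weekdays 7:00 to 18:59
"""
PERIODIC = re.compile(r"periodic\s+(.+?)\s+(\d{1,2}):(\d{2})\s+to\s+(\d{1,2}):(\d{2})$")

def parse_time_ranges(text):
    """Return {name: set of active minutes-of-week}, with Monday 00:00 as minute 0."""
    ranges, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("time-range "):
            current = ranges.setdefault(line.split()[1], set())
        elif current is not None and (m := PERIODIC.match(line)):
            days = set()
            for word in m.group(1).split():
                key = word.lower()
                days.update(GROUPS[key] if key in GROUPS else [DAYS.index(word.capitalize())])
            start = int(m.group(2)) * 60 + int(m.group(3))
            end = int(m.group(4)) * 60 + int(m.group(5))  # assumption: end minute is inclusive
            for d in days:
                current.update(d * 1440 + t for t in range(start, end + 1))
    return ranges

def coverage_report(ranges):
    """Return (gaps, overlaps): minutes matched by no range / by more than one range."""
    gaps, overlaps = [], []
    for minute in range(7 * 1440):
        active = sum(1 for mins in ranges.values() if minute in mins)
        if active == 0:
            gaps.append(minute)
        elif active > 1:
            overlaps.append(minute)
    return gaps, overlaps

def fmt(minute):
    """Render a minute-of-week as 'Day HH:MM'."""
    return f"{DAYS[minute // 1440]} {minute % 1440 // 60:02d}:{minute % 60:02d}"

if __name__ == "__main__":
    gaps, overlaps = coverage_report(parse_time_ranges(CONFIG))
    print("gaps:", [fmt(m) for m in gaps[:5]], "overlaps:", [fmt(m) for m in overlaps[:5]])
```

For the config in the answer both lists come back empty: the two ranges tile the week exactly.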