Time-based ACL Cisco IOS
August 17, 2018
I was searching for a way to do time-based rate limiting. One way is to use the time-range command built into IOS. In this case, I want to define the time range from 9 AM to 9 PM:
    time-range DAILY-0900-2100
     periodic daily 9:00 to 21:00
Next, we need our access lists:
    ip access-list extended ACL-0900-2100
     permit ip any any time-range DAILY-0900-2100
    ip access-list extended ACL_ALL_HOURS
     permit ip any any
And now our class maps to define which traffic to match:
    class-map match-all 256K
     match access-group name ACL-0900-2100
    class-map match-all 1M
     match access-group name ACL_ALL_HOURS
And finally, our policy map:
    policy-map POLICY-IN
     class 256K
      police 256000 8000 exceed-action drop
     class 1M
      police 1000000 12500 exceed-action drop
Put it all together, and it looks like this:
    time-range DAILY-0900-2100
     periodic daily 9:00 to 21:00
    !
    ip access-list extended ACL-0900-2100
     permit ip any any time-range DAILY-0900-2100
    ip access-list extended ACL_ALL_HOURS
     permit ip any any
    !
    class-map match-all 256K
     match access-group name ACL-0900-2100
    class-map match-all 1M
     match access-group name ACL_ALL_HOURS
    !
    policy-map POLICY-IN
     class 256K
      police 256000 8000 exceed-action drop
     class 1M
      police 1000000 12500 exceed-action drop
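
To check the intended behaviour offline, here is an added example (not part of the original post and not Cisco tooling) that models which class of POLICY-IN a packet lands in at a given time of day, and shows that reversing the class order would let 1M shadow 256K. The parser, the function names and the 9:00 start (taken from the text's "9 AM") are assumptions of this example.

```python
import re
from datetime import time

# Constructed sample: this page's combined configuration, indented IOS-style.
CONFIG = """\
time-range DAILY-0900-2100
 periodic daily 9:00 to 21:00
ip access-list extended ACL-0900-2100
 permit ip any any time-range DAILY-0900-2100
ip access-list extended ACL_ALL_HOURS
 permit ip any any
class-map match-all 256K
 match access-group name ACL-0900-2100
class-map match-all 1M
 match access-group name ACL_ALL_HOURS
policy-map POLICY-IN
 class 256K
  police 256000 8000 exceed-action drop
 class 1M
  police 1000000 12500 exceed-action drop
"""

def hhmm(s):
    return time(*map(int, s.split(":")))

def parse(cfg):
    """Handles only the single-entry shapes used on this page."""
    f = lambda pat: re.findall(pat, cfg, re.M)
    ranges = {n: (hhmm(a), hhmm(b)) for n, a, b in
              f(r"^time-range (\S+)\n periodic daily (\S+) to (\S+)")}
    # ACL name -> time-range name ("" when the permit is unconditional)
    acls = dict(f(r"^ip access-list extended (\S+)\n permit ip any any(?: time-range (\S+))?"))
    cmaps = dict(f(r"^class-map match-all (\S+)\n match access-group name (\S+)"))
    classes = f(r"^ class (\S+)\n  police (\d+)")  # in policy-map order
    return ranges, acls, cmaps, classes

def policed_rate(cfg, now, swap_classes=False):
    """Walk the policy-map top-down; first matching class wins. Returns (class, bps)."""
    ranges, acls, cmaps, classes = parse(cfg)
    for name, bps in (classes[::-1] if swap_classes else classes):
        tr = acls[cmaps[name]]
        # Model assumption: a time-range entry matches only inside the range (end minute not modelled).
        if not tr or ranges[tr][0] <= now < ranges[tr][1]:
            return name, int(bps)
    return None, None  # would fall through to class-default (not policed here)
```

With the classes in the page's order, traffic is policed at 256000 bps inside the time range and 1000000 bps outside it. With `swap_classes=True` the unconditional ACL_ALL_HOURS class matches first and the 256K class is never reached.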