Cisco ASA 5510 多时间范围命令

tag-icon tag-icon cisco cisco-asa qos
Cisco ASA 5510 多时间范围命令

我问这个问题不久前,我在 ASA 5510 中发现了“time-range”命令。它按预期工作。

是否可以设置两组在一天中的不同时间生效的访问列表规则?

例如,现在我有:

access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay 
access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay 
policy-map WirelessLimit
 class Wireless-AL
  police input 1000000 187500
  police output 1000000 187500

我可以添加并设置这一点吗:

access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay 
access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay     
access-list WirelessNight-AL extended permit ip object-group Wireless any time-range NightTime 
access-list WirelessNight-AL extended permit ip any object-group Wireless time-range NightTime 
policy-map WirelessLimit
 class Wireless-AL
  police input 1000000 187500
  police output 1000000 187500
 class WirelessNight-AL
  police input 3000000 562500
  police output 3000000 562500

基本上,我的目标是在工作日严格限制无线带宽,但在晚上和周末提高带宽。我不想在晚上完全关闭服务策略,因为这些时间仍然有很多有线用户。这可能吗?如果两个类使用不同的访问列表,我可以将它们放在同一个策略映射中吗?即使列表包含相同的对象组?

谢谢。

答案1

经过反复尝试,我终于找到了解决办法。我必须为新的访问列表创建一个新的类图,但一旦我这样做了,一切似乎都运行正常。

以下是最终配置的相关部分,供参考:

time-range Night_Weekend
 periodic weekdays 0:00 to 6:59
 periodic weekend 0:00 to 23:59
 periodic weekdays 19:00 to 23:59
!
time-range SchoolDay
 periodic weekdays 7:00 to 18:59

access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay
access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay

access-list WirelessNight-AL extended permit ip object-group Wireless any time-range Night_Weekend
access-list WirelessNight-AL extended permit ip any object-group Wireless time-range Night_Weekend

class-map Wireless-AL
 description Student's wireless network traffic
 match access-list GPREP-Wireless
class-map WirelessNight-AL
 description Student's wireless network traffic for Nights_Weekends
 match access-list WirelessNight-AL

policy-map WirelessLimit
 class Wireless-AL
  police input 1000000 187500
  police output 1000000 187500
 class WirelessNight-AL
  police input 3000000 562500
  police output 3000000 562500

相关内容