Slaptijack reader Raj is looking for a way to limit inbound traffic on his switch ports based on the time of day. Specifically, he wants to restrict speed to 256 Kbps between 9 AM and 9 PM, and allow up to 1 Mbps the rest of the day. I've done something similar to this in the past, but with only one restriction, not two. Hopefully, this configuration will work!
Note: This post is based on the work of a previous post on Cisco Catalyst rate limiting. Although I know this will work in some cases, it may not work in yours. In other words, your mileage may vary.
Raj, the key to time-based rate limiting is to use the time range command built into IOS. In your case, we want to define the time range from 9 AM to 9 PM:
time-range DAILY-0900-2100
periodic daily 7:00 to 21:00
Next, we need our access lists:
ip access-list extended ACL-0900-2100
permit ip any any time-range DAILY-0900-2100
ip access-list extended ACL_ALL_HOURS
permit ip any any
And now our class maps to define which traffic to match:
class-map match-all 256K
match access-group name ACL-0900-2100
class-map match-all 1M
match access-group name ACL_ALL_HOURS
And finally, our policy map:
policy-map POLICY-IN
class 256K
police 256000 8000 exceed-action drop
class 1M
police 1000000 12500 exceed-action drop
Put it all together, and it looks like this:
time-range DAILY-0900-2100
periodic daily 7:00 to 21:00
!
ip access-list extended ACL-0900-2100
permit ip any any time-range DAILY-0900-2100
ip access-list extended ACL_ALL_HOURS
permit ip any any
!
class-map match-all 256K
match access-group name ACL-0900-2100
class-map match-all 1M
match access-group name ACL_ALL_HOURS
!
policy-map POLICY-IN
class 256K
police 256000 8000 exceed-action drop
class 1M
police 1000000 12500 exceed-action drop
Related Reading: