Cisco
Cisco ASA 5510 多個時 間範圍命令
不久前我問過這個問題,後來發現了 ASA 5510 中的“時間範圍”命令。這按預期工作。
是否可以設置 2 組在一天中不同時間生效的訪問列表規則?
例如,現在我有:
access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay policy-map WirelessLimit class Wireless-AL police input 1000000 187500 police output 1000000 187500我可以添加並設置它:
access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay access-list WirelessNight-AL extended permit ip object-group Wireless any time-range NightTime access-list WirelessNight-AL extended permit ip any object-group Wireless time-range NightTime policy-map WirelessLimit class Wireless-AL police input 1000000 187500 police output 1000000 187500 class WirelessNight-AL police input 3000000 562500 police output 3000000 562500基本上,我的目標是在工作日嚴格限制無線頻寬,但在晚上和周末提高它。我不想只是在晚上完全關閉服務策略,因為在這段時間仍然有很多有線使用者。這可能嗎?如果它們使用不同的訪問列表,我可以將 2 個類放在同一個策略映射中嗎?即使列表包含相同的對象組?
謝謝。
它需要一些試驗和錯誤,但我發現瞭如何使這項工作。我必須為新的訪問列表創建一個新的類映射,但是一旦我這樣做了,一切似乎都正常。
以下是最終配置的相關部分,供參考:
time-range Night_Weekend periodic weekdays 0:00 to 6:59 periodic weekend 0:00 to 23:59 periodic weekdays 19:00 to 23:59 ! time-range SchoolDay periodic weekdays 7:00 to 18:59 access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay access-list WirelessNight-AL extended permit ip object-group Wireless any time-range Night_Weekend access-list WirelessNight-AL extended permit ip any object-group Wireless time-range Night_Weekend class-map Wireless-AL description Student's wireless network traffic match access-list GPREP-Wireless class-map WirelessNight-AL description Student's wireless network traffic for Nights_Weekends match access-list WirelessNight-AL policy-map WirelessLimit class Wireless-AL police input 1000000 187500 police output 1000000 187500 class WirelessNight-AL police input 3000000 562500 police output 3000000 562500