Re: Time based Policing?

asad747 · ‎03-28-2011

Dear friends!

I am trying to impliment Time based policing but unable to achieve it.

My requirement is to limit traffic to customer port at different speed during DAY Time and at different speed during Night.

I am using following configuration, but the observation is that no matter if time-range is active or not. Customer is getting the traffic policed based on first class listed in policy-map i.e only DAY rate-limit is being applied even though time-range of DAY-TIME is inactive.

=====MY Configuration=====

time-range entry: DAY-TIME (inactive)
periodic daily 6:00 to 18:00

used in: IP ACL entry

time-range entry: NIGHT-TIME (active)
periodic daily 18:01 to 05:59

used in: IP ACL entry

ip access-list extended match-day

permit ip any any time-range DAY-TIME

ip access-list extended match-night

permit ip any any time-range NIGHT-TIME

class-map match-all NIGHT
match access-group name match-night

class-map match-all DAY
match access-group name match-day

policy-map DAY-NIGHT
class DAY
police cir 5120000 bc 128000 be 128000 conform-action set-dscp-transmit default exceed-action drop violate-action drop

class NIGHT
police cir 102400000 bc 256000 be 256000 conform-action set-dscp-transmit default exceed-action drop violate-action drop

interface GigabitEthernet11/1
ip address x.x.x.x x.x.x.x.x

service-policy input DAY-NIGHT
service-policy output DAY-NIGHT
end

Haris P · ‎04-02-2011

Dear ,

I got a similar situation where matching an inactive Time-based ACL and it was an IOS bug . So I highly suggest an IOS upgrade to stable version such as 12.4(15)T2.

Here is a link regarding the bug info.: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk22420