Users Guide

Access Control Lists

Schedule Forwarding of Packets to a Different Port
This ACL forwards matching packets at Layer 2 to a different port based on a
time schedule. This is not equivalent to Policy-Based Forwarding: the TTL
in the packet is not decremented, and no new destination MAC address is
written into the packet. The access-group policy is configured globally, on
all switch interfaces.
console#config
console(config)#time-range work-hours
console(config-time-range)#periodic weekdays 07:30 to 18:00
console(config-time-range)#exit
console(config)#ip access-list redirect-traffic
console(config-ip-acl)#permit ip any 172.16.1.0 255.255.255.0 redirect te1/0/1 time-range work-hours
console(config-ip-acl)#2147483647 permit every
console(config-ip-acl)#exit
console(config)#ip access-group redirect-traffic in 30

Rate Limit WWW Traffic (DiffServ)
This ingress ACL creates a DiffServ policy to rate-limit WWW packets.
Limit and burst values require tuning for local traffic patterns and link
speeds. Compare this to the next example.
console#config
console(config)#class-map match-all rate-limit-control ipv4
console(config-classmap)#match protocol tcp
console(config-classmap)#match srcl4port www
console(config-classmap)#exit
console(config)#policy-map rate-limit-policy in
console(config-policy-map)#class rate-limit-control
console(config-policy-classmap)#police-simple 9216 128 conform-action transmit violate-action drop
console(config-policy-classmap)#exit
console(config-policy-map)#exit
console(config)#interface te1/0/2
console(config-if-Te1/0/2)#service-policy in rate-limit-policy
console(config-if-Te1/0/2)#exit
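
To help with tuning the limit and burst values, the following added example (not part of the guide and not the switch's own implementation) models police-simple 9216 128 as a single-rate token bucket and runs it over constructed traffic. Assumptions: the two arguments are a rate in kbit/s and a burst size in kbytes, the bucket starts full, and the ingress port runs at 10 Gbit/s; the helper names are hypothetical.

```python
# Added illustration (not from the guide): single-rate, two-colour token bucket.
# Assumptions: police-simple takes rate in kbit/s and burst in kbytes, with
# 1 kbit = 1000 bits and 1 kbyte = 1024 bytes; the bucket starts full.

def police_simple(packets, rate_kbps=9216, burst_kbytes=128):
    """packets: (arrival_time_s, size_bytes) pairs sorted by time.
    Returns (conformed_bytes, dropped_bytes)."""
    rate_bytes_s = rate_kbps * 1000 / 8   # token refill rate
    depth = burst_kbytes * 1024           # bucket depth in bytes
    tokens, last = depth, None
    conformed = dropped = 0
    for t, size in packets:
        if last is not None:              # refill for elapsed time, capped at depth
            tokens = min(depth, tokens + (t - last) * rate_bytes_s)
        last = t
        if size <= tokens:                # conform-action transmit
            tokens -= size
            conformed += size
        else:                             # violate-action drop
            dropped += size
    return conformed, dropped

def constant_stream(mbps, seconds, size=1500):
    """Constructed input: evenly spaced packets at the offered rate."""
    gap = size * 8 / (mbps * 1_000_000)
    return [(i * gap, size) for i in range(int(seconds / gap))]

def burst_stream(burst_bytes, period_s, periods, size=1500, line_mbps=10_000):
    """Constructed input: back-to-back packets at line rate once per period."""
    gap = size * 8 / (line_mbps * 1_000_000)
    return [(p * period_s + i * gap, size)
            for p in range(periods) for i in range(burst_bytes // size)]

if __name__ == "__main__":
    cases = {
        "steady 5 Mbit/s": constant_stream(5, 1),
        "steady 20 Mbit/s": constant_stream(20, 2),
        "120 kB burst every 0.2 s": burst_stream(120_000, 0.2, 4),
        "300 kB burst every 0.5 s": burst_stream(300_000, 0.5, 4),
    }
    for name, pkts in cases.items():
        ok, drop = police_simple(pkts)
        print(f"{name:26s} conformed={ok:>9d} B  dropped={drop:>9d} B")
```

Both burst cases offer the same mean rate of 4.8 Mbit/s, which is below the limit, yet the 300 kB bursts lose packets because each burst exceeds the bucket depth.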