QoS Configuration and Monitoring

Creating Time-of-Day QoS Service Policies

Document ID: 11035

Updated: May 29, 2008



This document describes two options for configuring time-of-day Quality of Service (QoS) policies in a router running Cisco IOS® software. These options are:

  • Time-based access control lists (ACLs)

  • Timed deployment of a service policy using QoS Policy Manager (QPM)



There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.


For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Time-Based ACLs

Cisco IOS software allows implementation of features based on the time of day by using time-based ACLs. The time range defines when the permit or deny statements in the ACL are in effect. Previously, ACL statements were always in effect once they were applied. See the Configuring Time Ranges section in Performing Basic System Management for more information.

Currently, IP and IPX extended access lists are the only functions that can use time ranges. The time range allows the network administrator to define when the permit or deny statements in the access list are in effect. Both named or numbered access lists can reference a time range.

Time-based ACLs enhance control over permitting or denying a user access to resources. They also enhance policy-based routing (PBR) and queuing functions. For example, when provider's access rates vary by time of day, it is possible to automatically and cost effectively reroute traffic. Service providers can dynamically change a committed access rate (CAR) configuration to support the QoS service level agreements (SLAs) that are negotiated for certain times of day.

To configure time-based QoS service policies, use time-based ACLs as the match-on criteria for a class of traffic. Cisco recommends using the modular QoS command-line interface (CLI) (MQC) to apply QoS policies to a router's interfaces.

Within the MQC, the class-map command is used to define a traffic class that classifies or sorts traffic. A traffic class contains three major elements:

  • A name.

  • A series of match commands.

  • If more than one match command exists in the traffic class, an instruction on how to evaluate these match commands.

The match commands are used to specify various criteria for classifying packets. These criteria include input interface, MAC address, and a specific protocol, like all IP packets. Use the match access-group {number} command to match on time-based ACLs. For example:

  1. Define a time range and assign a name to the time range to be configured. The time-range global configuration command defines specific times of the day and week.

    Router(config)#time-range time-range-name
  2. Specify when the time range will be in effect. Use some combination of these commands. Multiple periodic statements are allowed, but only one absolute statement is allowed.

    Router(config-time-range)#absolute [start time date] [end time date]


    Router(config-time-range)#periodic days-of-the-week hh:mm to [days-of-the-week] hh:mm

    Note: The time range relies on the system's software clock. For the time range feature to work the way you intend, you need a reliable clock source. Cisco Systems recommends that you use Network Time Protocol (NTP) to synchronize the system's software clock.

    This output shows an example of creating a time-based named ACL. It denies HTTP traffic on Monday through Friday between the hours of 8:00 am and 6:00 pm and allows UDP traffic on Saturday and Sunday from noon to 8:00 pm.

    time-range no-http
    periodic weekdays 8:00 to 18:00
    time-range udp-yes
    periodic weekend 12:00 to 20:00
    ip access-list extended strict
    permit tcp any any eq http time-range no-http
    permit udp any any time-range udp-yes
    Example of using a time-based ACL in QoS Policy:
    class-map Traffic_Class
    match access-group strict
    policy-map QoS-Policy 
    class Traffic_Class
    priority 500
    class class-default 

Timed Deployment Using QPM

QPM provides a scalable platform to define and apply QoS policy. QPM manages the QoS configuration and maintenance on a system-wide basis for Cisco devices, including routers, Layer 3 switches, other switches, and Cisco LocalDirector. Using QPM, you can define and deploy policies more easily than you can using device commands directly. Refer to Using QoS Policy Manager 2.1 for more information.

A QoS policy-database can be scheduled for time-based deployment with QPM. As of version 2.1, QPM does not support time-based ACLs. Instead, as a workaround, use an external trigger to automate and manage the scheduling. The Microsoft Windows scheduler is the simplest external-trigger. Use it in conjunction with QPM's Distribution Manager executable, distribute_policy.exe. This is an example of the syntax of a simple batch file that you can use for time-based policy deployment:

at 9:00 "C:\Program Files\Cisco Systems\QoS Policy Manager
Pro\bin\distribute_policy.exe"  -d <QPM-database-1> -u QPM_User -m

at 18:00 "C:\Program Files\Cisco Systems\QoS Policy Manager
Pro\bin\distribute_policy.exe" -d <QPM-database-2> -u QPM_User -m <PC-Name>

For more information on Distribution Manager, see the Deploying Distribution Jobs from an External Program section of Distributing Policies to Network Devices (from the QPM documentation).

Related Information

Updated: May 29, 2008
Document ID: 11035