I asked this question a while back, and have since discovered the "time-range" command in the ASA 5510. This works as expected.
Is it possible to setup 2 sets of access-list rules that take effect at different times of day?
For Example, right now I have:
access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay
access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay
policy-map WirelessLimit
class Wireless-AL
police input 1000000 187500
police output 1000000 187500
Can I add to that and set this up:
access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay
access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay
access-list WirelessNight-AL extended permit ip object-group Wireless any time-range NightTime
access-list WirelessNight-AL extended permit ip any object-group Wireless time-range NightTime
policy-map WirelessLimit
class Wireless-AL
police input 1000000 187500
police output 1000000 187500
class WirelessNight-AL
police input 3000000 562500
police output 3000000 562500
Basically, my goal is to heavily limit the Wireless bandwidth during the work day, but raise it at night and on weekends. I don't want to just turn off the service policy entirely at night because there are still many wired users during these times. Is this possible? Can I put 2 classes in the same policy-map if they use different access-lists? Even though the lists contain identical object-groups?
Thanks.
It took some trial and error, but I found out how to make this work. I had to create a new class-map for the new access-lists, but once I did that, everything seemed to work fine.
Here's the relevant portions of the final config, for reference: