一个很有实用价值的QoS策略配置实例
某公司QoS 策略 配置 实例 Current configuration : 3568 bytes ! ! version 12.2 service timestamps debug datetime service timestamps log datetime service password-encryption ! hostname xxxxxx ! enable secret 5 $1$uJPt$/Uh ! clock timezone Chin
某公司QoS策略配置实例Current configuration : 3568 bytes
!
!
version 12.2
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname xxxxxx
!
enable secret 5 $1$uJPt$/Uh
!
clock timezone China 8
ip subnet-zero
no ip source-route
ip cef
!
!
ip name-server x.x.x.x
ip name-server x.x.x.x
!
no ip bootp server
!
class-map match-any premium_class
description For premium
match protocol fasttrack
match protocol http
match protocol icmp
match protocol napster
match protocol netshow
match protocol pcanywhere
match protocol realaudio
match protocol streamwork
match protocol vdolive
match protocol cuseeme
match protocol telnet
match protocol secure-http
match access-group 110
match ip precedence 5
match ip precedence 4
match ip precedence 3
class-map match-any normal_calss
description For normal
match protocol ftp
match protocol imap
match protocol pop3
match protocol secure-ftp
match protocol secure-imap
match protocol secure-pop3
match protocol smtp
match access-group 120
match ip precedence 2
match ip precedence 1
!
!
policy-map qos_policy_map
class premium_class
bandwidth percent 50
random-detect
random-detect exponential-weighting-constant 4
police cir 2000000 bc 10000 be 10000
conform-action transmit
exceed-action transmit
class normal_calss
bandwidth percent 25
random-detect
random-detect exponential-weighting-constant 4
police cir 2000000 bc 2000 be 2000
conform-action transmit
exceed-action drop
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip address 192.168.1.1 255.255.255.0 secondary
ip access-group 130 in
ip verify unicast reverse-path
ip nat inside
ip route-cache same-interface
ip route-cache policy
ip policy route-map qos
duplex auto
speed auto
no cdp enable
!
interface Serial0/0
bandwidth 2048
ip address x.x.x.x 255.255.255.252
ip verify unicast reverse-path
no ip proxy-arp
ip nat outside
rate-limit input 2000000 20000 20000 conform-action transmit exceed-action drop
ip route-cache policy
service-policy output qos_policy_map
no cdp enable
!
ip nat inside source list 10 interface Serial0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip route 192.168.0.0 255.255.255.0 192.168.1.1
ip route 192.168.1.0 255.255.255.0 192.168.0.1
no ip http server
no ip pim bidir-enable
!
!
access-list 10 remark NAT
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 110 remark normal
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
access-list 120 remark premium
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
access-list 130 remark anti BT and anti-virus
access-list 130 deny tcp any any range 6881 6890 time-range work
access-list 130 deny tcp any range 6881 6890 any time-range work
access-list 130 deny tcp any any range 6969 6979 time-range work
access-list 130 deny tcp any range 6969 6979 any time-range work
access-list 130 deny tcp any any range 7000 7100 time-range work
access-list 130 deny tcp any range 7000 7100 any time-range work
access-list 130 deny tcp any any range 9995 9996
access-list 130 deny tcp any range 9995 9996 any
access-list 130 deny tcp any any eq 5554
access-list 130 deny tcp any eq 5554 any
access-list 130 permit ip any any
no cdp run
route-map qos permit 10
match ip address 110
set ip precedence priority
!
route-map qos permit 20
match ip address 120
set ip precedence critical
!
banner motd ^CUnauthorized access will be Prosecuted!!!^C
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password 7 121A0C0411045D5D7C
login
!
time-range work
periodic weekdays 8:30 to 18:00
!
!
end
公司有两个内网段:192.168.0.0/24,192.168.1.0/24。
192.168.0.0/24为低优先级内网段,192.168.1.0/24为高优先级内网段。
在class-map中premium_class类包括了192.168.1.0/24高优先级内网段,采用NBAR匹配实时性较高的应用如:napster、netshow、pcanywhere、realaudio、streamwork、vdolive、cuseeme、telnet等。
normal_class类包括了192.168.0.0/24低优先级内网段,采用NBAR匹配实时性不强的应用如:ftp、pop3、smtp等。
在policy-map中针对不同的class,采取不同的策略。如:CBWFQ、WRED等。因为公司互联网带宽为2M,故考虑WRED中的指数加权因子为4,最小阀值为5,最大阀值为17,标记几率分母为1。
在route-map(PBR)中采用匹配不同的ACL 110#,ACL 120#。设置不同的IP precedence值。
在F 0/0以太口上增加inbound policy--ACL 130#,在上班时间8:30到18:00禁止BT下载。限制震荡波病毒的端口。
在S 0/0串口上采用Input CAR策略。对进入S 0/0串口的流量进行整形。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Practical tips for converting full-width English letters into half-width form
Mar 26, 2024 am 09:54 AM
Practical tips for converting full-width English letters into half-width forms. In modern life, we often come into contact with English letters, and we often need to input English letters when using computers, mobile phones and other devices. However, sometimes we encounter full-width English letters, and we need to use the half-width form. So, how to convert full-width English letters to half-width form? Here are some practical tips for you. First of all, full-width English letters and numbers refer to characters that occupy a full-width position in the input method, while half-width English letters and numbers occupy a full-width position.
Understand Linux Bashrc: functions, configuration and usage
Mar 20, 2024 pm 03:30 PM
Understanding Linux Bashrc: Function, Configuration and Usage In Linux systems, Bashrc (BourneAgainShellruncommands) is a very important configuration file, which contains various commands and settings that are automatically run when the system starts. The Bashrc file is usually located in the user's home directory and is a hidden file. Its function is to customize the Bashshell environment for the user. 1. Bashrc function setting environment
Which company does the Hands app belong to?
Mar 13, 2024 am 11:10 AM
Hands-on is a brand new chat and dating software, so which company is the Hand-on-hand app? This software was created by Tianjin Laifu Cultural Development Co., Ltd. You can download it from Xiaomi Mall and Apple Mall. This introduction to the Hands-on app creation company can tell you the specific methods. The following is a detailed introduction, so take a look. Which company is the Qianshou app? Answer: Tianjin Laifu Cultural Development Co., Ltd. Detailed description: On the official software website https://www.qianshouapp.cn/, you can see the company name at the bottom. Software introduction: 1. It can filter according to the conditions that users like, and can find the objects they need faster. 2. It can help users search for the objects they need faster.
Which company does Blue Star Travel Yao belong to?
Mar 22, 2024 pm 03:41 PM
Blue Star Travel Ballad has been on the game hot list after the recent release of a promotional video. Many players are very curious about which company Blue Star Travel Ballad is made from. In fact, it is a new game from Shanghai 2D manufacturer Manjiu. The editor will explain it to you below. Here is the introduction of Blue Star Yuanluyao Game Company, come and take a look together. Which company does Blue Star Travel Yao come from? Answer: It was launched by Manjiu Network. 1. First of all, Blue Star Travel Yao is a game launched by Manju’s Big World RPG. A promotional video was released on March 20. 2. This product will get its version number in October 2023. The game's trademark and operating unit are both registered under the name of a company called. The latter was established in February 2023, and its official website shows that its headquarters is in Singapore. 3. The 11-minute promotional video released this time revealed this
What currency is APE Coin? Is APE Coin valuable?
Mar 06, 2024 pm 10:40 PM
APE Coin: APE Coin, the social currency in the Metaverse, is the ApeCoinDAO governance token, launched on March 17, 2022. ApeCoinDAO is a decentralized autonomous organization that aims to promote the growth and development of the decentralized community. Purpose of APE Coin APE Coin has the following uses in the ApeCoinDAO ecosystem: Governance rights: APE Coin holders can vote on ApeCoinDAO proposals and participate in the governance of the ecosystem. Ecosystem Fund: APE coins will be used to fund projects and initiatives in the ApeCoinDAO ecosystem. Exclusive Access: APE Token holders have access to exclusive products, events and experiences. Games and Metaverse: APE Coin will be used for ApeCoinD
How to configure and install FTPS in Linux system
Mar 20, 2024 pm 02:03 PM
Title: How to configure and install FTPS in Linux system, specific code examples are required. In Linux system, FTPS is a secure file transfer protocol. Compared with FTP, FTPS encrypts the transmitted data through TLS/SSL protocol, which improves Security of data transmission. In this article, we will introduce how to configure and install FTPS in a Linux system and provide specific code examples. Step 1: Install vsftpd Open the terminal and enter the following command to install vsftpd: sudo
Where can I check the configuration of my win11 computer? How to find the configuration information of win11 computer
Mar 06, 2024 am 10:10 AM
When we use win11 system, we sometimes need to check the configuration of our computer, but many users are also asking where to check the configuration of win11 computer? In fact, the method is very simple. Users can directly open the system information under settings, and then view the computer configuration information. Let this site carefully introduce to users how to find win11 computer configuration information. How to find win11 computer configuration information. Method 1: 1. Click Start and open Computer Settings. 3. You can view computer configuration information on this page. 2. In the command prompt window, enter systeminfo and press Enter to view the computer configuration.
What computer configuration does Black Myth Wukong require?
Mar 08, 2024 pm 01:22 PM
The game Black Myth Wukong will be launched on all major platforms in the summer of 2024. Players need to meet certain computer configurations when downloading the game to experience it. The following is an introduction to the minimum configuration required for Black Myth Wukong. What computer configuration is required for Black Myth Wukong? Minimum configuration operating system: Windows 7, Windows 8.1, Windows 10 (all 64-bit) Processor: Intel Corei5-4430/AMDFX-6300 Running memory: 8GB RAM Graphics card: NVIDIA GeForce GTX9602GB/AMDRadeon R73702GB Storage space: 100GB required Available space recommended operating system: Windows 7, Win
