公司内部流量控制案例

公司的三层交换是cisco3650， 下接一个2层交换2960.  在三层交换前有个防火墙cisco asa5510

 

###10.50.6.0   10.50.8.0网段下行速率配置###
mls qos
access-list 101 permit ip any 10.50.6.0 0.0.0.255
access-list 101 permit ip any 10.50.8.0 0.0.0.255
class-map match-all vlan10-down
match access-group 101

policy-map  vlan10-down
class vlan10-down
trust dscp
police 2048000 1000000 exceed-action drop

interface fastethernet 0/24<上连防火墙的接口>
service-police input vlan10-down

###10.50.6.0 10.50.8.0网段上行速率配置###

access-list 10 permit 10.50.6.0 0.0.0.255
access-list 10 permit 10.50.8.0 0.0.0.255
class-map match-all vlan10-up
match access-group 10
policy-map  vlan10-up
class vlan10-up
trust dscp
police 2048000 1000000 exceed-action drop

interface fastethernet 0/23
 service-police input vlan10-up

 

###封堵bt配置###

ip cef
ip nbar pdlm flash://bittorrent.pdlm
class-map bittorrent
match protocol bittorrent
policy-map drop-bittorrent
class bittorrent
drop

interface fastethernet 0/24(三层交换连接防火墙的那个口)
service-policy input drop-bittorrent