1. Classification and marking explained
Classification methods: ACL or NBAR
An ACL can only classify on simple header fields such as source/destination IP address, port and MAC address, whereas NBAR (Network-Based Application Recognition) works at the application layer and can classify traffic by the contents of the data itself.
Global configuration mode: ip nbar pdlm flash://bt.pdlm (loads a PDLM)
Interface configuration mode: ip nbar protocol-discovery (enables protocol discovery)
Marking methods: PBR or CBMarking
PBR can only be applied in the inbound direction, whereas CBMarking can be applied in both the inbound and outbound directions.
2. Lab topology
3. Base configuration
enable password cisco
username cisco password cisco
interface FastEthernet0/0
ip address 192.168.5.254 255.255.255.0
no shutdown
ip http server
ip http authentication enable
line vty 0 4
login local
4. Classification and marking configuration
Classify Telnet and Web traffic; mark Telnet traffic with IP precedence 2 and Web traffic with IP precedence 3
ACL combined with PBR
ip access-list extended Telnet
permit tcp any any eq telnet
ip access-list extended Web
permit tcp any any eq www
route-map PBR permit 10
match ip address Telnet
set ip precedence 2
route-map PBR permit 20
match ip address Web
set ip precedence 3
interface FastEthernet0/0
ip policy route-map PBR
ACL combined with CBMarking
ip access-list extended Telnet
permit tcp any any eq telnet
ip access-list extended Web
permit tcp any any eq www
class-map match-all Telnet
match access-group name Telnet
class-map match-all Web
match access-group name Web
policy-map CBMARK
class Telnet
set ip precedence 2
class Web
set ip precedence 3
interface FastEthernet0/0
service-policy input CBMARK
Check the match counters
show ip access-lists
show policy-map interface f0/0
NBAR combined with CBMarking
ip nbar port-map http tcp 80 8080
class-map match-all Telnet
match protocol telnet
class-map match-all Web
match protocol http
policy-map NBAR
class Telnet
set ip precedence 2
class Web
set ip precedence 3
interface FastEthernet0/0
service-policy input NBAR
Check the match counters
show ip access-lists
show policy-map interface f0/0
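As an added example (not part of the original lab notes), the following Python script simulates the classify-and-mark policy above on constructed packets and shows the resulting ToS byte, which is what you would verify in a packet capture on the egress side. It assumes the "match protocol telnet"/"match protocol http" NBAR classes can be approximated by destination port alone (23 for Telnet, 80 and 8080 for Web per the port-map).

```python
from dataclasses import dataclass

# Assumption: NBAR/ACL classes are approximated by TCP destination port,
# mirroring 'eq telnet', 'eq www' and 'ip nbar port-map http tcp 80 8080'.
TELNET_PORTS = {23}
WEB_PORTS = {80, 8080}

# IP precedence values taken from the page's policy-map
PRECEDENCE = {"Telnet": 2, "Web": 3}


@dataclass
class Packet:
    proto: str          # "tcp" or "udp"
    dport: int          # destination port
    tos: int = 0        # IPv4 ToS byte (8 bits)


def classify(pkt: Packet) -> str:
    """Return the class-map name the policy-map would match, or 'class-default'."""
    if pkt.proto != "tcp":
        return "class-default"
    if pkt.dport in TELNET_PORTS:
        return "Telnet"
    if pkt.dport in WEB_PORTS:
        return "Web"
    return "class-default"


def set_precedence(tos: int, precedence: int) -> int:
    """'set ip precedence N' rewrites only the top 3 bits of the ToS byte."""
    if not 0 <= precedence <= 7:
        raise ValueError("precedence must be 0..7")
    return (tos & 0x1F) | (precedence << 5)


def dscp(tos: int) -> int:
    """DSCP is the top 6 bits of the ToS byte; precedence N equals DSCP CSn (N*8)."""
    return tos >> 2


def mark(pkt: Packet) -> Packet:
    """Apply the policy: mark matched classes, leave class-default untouched."""
    cls = classify(pkt)
    if cls in PRECEDENCE:
        pkt.tos = set_precedence(pkt.tos, PRECEDENCE[cls])
    return pkt


if __name__ == "__main__":
    # Constructed sample traffic
    for p in [Packet("tcp", 23), Packet("tcp", 8080), Packet("udp", 53)]:
        mark(p)
        print(f"{p.proto}/{p.dport:<5} -> {classify(p):<14} tos=0x{p.tos:02x} dscp={dscp(p.tos)}")
```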