网上关于
Qos
资料太多了,但很多不实用,讲了一大堆理论,下面是我们一子公司的路由器上的配置,供大家参考。其实,只要理解了
NBAR
、
CBWFQ
、
WRED
等意义,流量控制就可以随心配置。
说明:
一家子公司使用
2M
专线上网,内部网段为
192.168.23.0/24
(普通员工)和
192.168.24.0/24
(总经办所在的
VLAN
),其中路由器
IP
地址为:
192.168.23.1
,内部
cisco3560
交换机
IP
为:
192.168.23.254
。现需要作流量控制,使总经办的流量比较优先,并优先传送一些声音与视频及网管流量。其它的服务如:
smtp
、
pop3
及
ftp
等为低优先级,并禁止
bt
下载等。
配置如下:
Current configuration : 3590 bytes
!
!
version 12.3
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname xxxxxx
!
enable secret 5 $44adf#dfdfj090$on
!
clock timezone China 8
ip subnet-zero
no ip source-route
ip cef
!
!
ip name-server 192.168.23.2
ip name-server x.x.x.x
!
no ip bootp server
!
ip nbar pdlm flash:bittorrent.pdlm
class-map match-any premium_class
description For premium
match protocol http
match protocol icmp
match protocol netshow
match protocol pcanywhere
match protocol realaudio
match protocol secure-http
match access-group 111
注:以上有省略,嘿嘿
!
class-map match-any normal_calss
description For normal
match protocol ftp
match protocol imap
match protocol pop3
match protocol smtp
match access-group 110
class-map match-any bt_download
description For drop
match protocol bittorrent
!
!
policy-map qos_policy_map
class premium_class
bandwidth percent 50
random-detect
random-detect exponential-weighting-constant 4
police cir 2000000 bc 10000 be 10000
conform-action transmit
exceed-action transmit
class normal_calss
bandwidth percent 25
random-detect
random-detect exponential-weighting-constant 4
police cir 2000000 bc 2000 be 2000
conform-action transmit
exceed-action drop
class bt_download
drop
!
!
!
!
interface FastEthernet0/0
ip address 192.168.23.1 255.255.255.0
ip verify unicast reverse-path
ip nat inside
ip route-cache same-interface
ip route-cache policy
duplex auto
speed auto
no cdp enable
!
interface Serial0/0
bandwidth 2048
ip address 210.88.44.x 255.255.255.252
ip verify unicast reverse-path
no ip proxy-arp
ip nat outside
rate-limit input 2000000 20000 20000 conform-action transmit exceed-action drop
ip route-cache policy
service-policy output qos_policy_map
no cdp enable
!
ip nat inside source list 10 interface Serial0/0 overload
ip classless
ip route 0.0.0 .0 0.0.0.0 210.88.44.y
ip route 192.168.24.0 255.255.255.0 192.168.23.254
no ip http server
!
!
access-list 10 remark NAT
access-list 10 permit 192.168.23.0 0.0.0 .255
access-list 10 permit 192.168.24.0 0.0.0 .255
access-list 110 remark normal
access-list 110 permit ip 192.168.23.0 0.0.0 .255 any
access-list 111 remark premium
access-list 111 permit ip 192.168.24.0 0.0.0 .255 any
no cdp run
!
banner motd ^cml system router !!!^C
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password 7 121A0C0411045D5D7C
login
!
!
!
end
注:互联网带宽为
2M
,故
WRED
中的指数加权因子为
4
,最小阀值为
5
,最大阀值为
17
,标记几率分母为
1
。