Cisco路由器流量控制实例

网上关于 Qos 资料太多了,但很多不实用,讲了一大堆理论,下面是我们一子公司的路由器上的配置,供大家参考。其实,只要理解了 NBAR CBWFQ WRED 等意义,流量控制就可以随心配置。
 
说明:
       一家子公司使用 2M 专线上网,内部网段为 192.168.23.0/24 (普通员工)和 192.168.24.0/24 (总经办所在的 VLAN ),其中路由器 IP 地址为: 192.168.23.1 ,内部 cisco3560 交换机 IP 为: 192.168.23.254 。现需要作流量控制,使总经办的流量比较优先,并优先传送一些声音与视频及网管流量。其它的服务如: smtp pop3 ftp 等为低优先级,并禁止 bt 下载等。
 
配置如下:
Current configuration : 3590 bytes
!
!
version 12.3
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname xxxxxx
!
enable secret 5 $44adf#dfdfj090$on
!
clock timezone China 8
ip subnet-zero
no ip source-route
ip cef
!
!
ip name-server 192.168.23.2
ip name-server x.x.x.x
!
no ip bootp server
!
ip nbar pdlm flash:bittorrent.pdlm
 
 
class-map match-any premium_class
description For premium
match protocol http
match protocol icmp
match protocol netshow
match protocol pcanywhere
match protocol realaudio
match protocol secure-http
match access-group 111
注:以上有省略,嘿嘿 !
 
class-map match-any normal_calss
description For normal
match protocol ftp
match protocol imap
match protocol pop3
match protocol smtp
match access-group 110
 
class-map match-any bt_download
description For drop
match protocol bittorrent
!
!
policy-map qos_policy_map
 
class premium_class
bandwidth percent 50
random-detect
random-detect exponential-weighting-constant 4
police cir 2000000 bc 10000 be 10000
conform-action transmit
exceed-action transmit
 
class normal_calss
bandwidth percent 25
random-detect
random-detect exponential-weighting-constant 4
police cir 2000000 bc 2000 be 2000
conform-action transmit
exceed-action drop
 
class bt_download
   drop
 
!
!
!
!
interface FastEthernet0/0
ip address 192.168.23.1 255.255.255.0
ip verify unicast reverse-path
ip nat inside
ip route-cache same-interface
ip route-cache policy
duplex auto
speed auto
no cdp enable
!
interface Serial0/0
bandwidth 2048
ip address 210.88.44.x 255.255.255.252
ip verify unicast reverse-path
no ip proxy-arp
ip nat outside
rate-limit input 2000000 20000 20000 conform-action transmit exceed-action drop
ip route-cache policy
service-policy output qos_policy_map
no cdp enable
!
ip nat inside source list 10 interface Serial0/0 overload
ip classless
ip route 0.0.0 .0 0.0.0.0 210.88.44.y
 
ip route 192.168.24.0 255.255.255.0 192.168.23.254
no ip http server
 
!
!
access-list 10 remark NAT
access-list 10 permit 192.168.23.0 0.0.0 .255
access-list 10 permit 192.168.24.0 0.0.0 .255
 
access-list 110 remark normal
access-list 110 permit ip 192.168.23.0 0.0.0 .255 any
 
access-list 111 remark premium
access-list 111 permit ip 192.168.24.0 0.0.0 .255 any
 
no cdp run
 
!
banner motd ^cml system router !!!^C
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password 7 121A0C0411045D5D7C
login
!
!
!
end
 
注:互联网带宽为 2M ,故 WRED 中的指数加权因子为 4 ,最小阀值为 5 ,最大阀值为 17 ,标记几率分母为 1

你可能感兴趣的:(职场,实例,Cisco,路由器,休闲)