ES 3526XA v2 Policy Map
From noname.com.ua
Working with Policy Map
Simple shaping (example 1)
ACL
access-list IP extended shaper-1
 deny 10.199.0.0 255.255.0.0 any
!
Attention! As far as I have verified, this is the correct form, and not
access-list IP extended shaper-1
 permit 10.199.0.0 255.255.0.0 any
!
as it would be logical to assume.
Class-Map
class-map shaper-1 match-any
 match access-list shaper-1
 exit
Policy-Map
!
policy-map shaper-1
 class shaper-1
  set cos 0
  police 64 1522 exceed-action drop
  exit
 exit
!
Interface Config
!
interface ethernet 1/1
 ip source-guard sip-mac
 ...
 service-policy input shaper-1
!
"Shaping by direction"
ACL
ACL for unauthorized users. The first ACL describes what should be permitted (but rate-limited to 1 Mbit)
access-list IP extended noauth-permit
 deny 1 10.199.0.0 255.255.0.0 any
 deny 10.199.0.0 255.255.0.0 192.168.95.0 255.255.255.0
This ACL describes what should be blocked (i.e. set the rate to 1)
access-list IP extended unauth
 deny 10.199.0.0 255.255.0.0 any
Class-Map
class-map noauth-permit match-any
 match access-list noauth-permit
 exit
!!!
!
access-list IP extended m3
 permit any host 10.199.0.100
 deny 10.199.0.0 255.255.0.0 any
!
class-map m3 match-any
 match access-list m3
 exit
!
policy-map m3
 class m3
  set cos 0
  police 1 64 exceed-action drop
  exit
 exit
!
!!!!
access-list IP extended m4
 permit 10.199.0.0 255.255.0.0 host 10.199.0.100
 permit 10.200.0.0 255.255.0.0 host 192.168.95.22
 deny 10.199.0.0 255.255.0.0 any
 exit
class-map m4 match-any
 match access-list m4
 exit
policy-map m4
 class m4
  set cos 0
  police 1 64 exceed-action drop
  exit
 exit
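A consistency check for the ACL -> class-map -> policy-map -> interface chain that the configurations above build, as an added example (not from the original page and not vendor tooling). It assumes the switch configuration is available as text, one command per line; `check_chain` and the second port with its `shaper-2` policy are hypothetical.

```python
import re

# Constructed sample: example 1 from this page plus a deliberately dangling
# reference (port 1/2 points at a policy-map that is never defined).
SAMPLE = """\
access-list IP extended shaper-1
 deny 10.199.0.0 255.255.0.0 any
class-map shaper-1 match-any
 match access-list shaper-1
 exit
policy-map shaper-1
 class shaper-1
  set cos 0
  police 64 1522 exceed-action drop
  exit
 exit
interface ethernet 1/1
 service-policy input shaper-1
interface ethernet 1/2
 service-policy input shaper-2
"""

# For each block type, the child command that references another object.
CHILD = {"class-map": r"match access-list (\S+)",
         "policy-map": r"class (\S+)",
         "interface": r"service-policy input (\S+)"}

def check_chain(config):
    """Return a list of references that point at undefined objects."""
    acls = set()
    refs = {kind: {} for kind in CHILD}  # kind -> block name -> referenced names
    kind = name = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list IP extended (\S+)", line):
            acls.add(m.group(1))
            kind = None                  # ACL entries reference nothing
        elif m := re.match(r"(class-map|policy-map|interface) (.+)", line):
            kind = m.group(1)
            # "class-map NAME match-any": keep NAME; interfaces keep "ethernet 1/1"
            name = m.group(2) if kind == "interface" else m.group(2).split()[0]
            refs[kind].setdefault(name, [])
        elif kind and (m := re.match(CHILD[kind], line)):
            refs[kind][name].append(m.group(1))
    problems = []
    for kind, target, known in (("class-map", "access-list", acls),
                                ("policy-map", "class-map", refs["class-map"]),
                                ("interface", "policy-map", refs["policy-map"])):
        for name, used in refs[kind].items():
            problems += [f"{kind} {name}: {target} {u} not defined"
                         for u in used if u not in known]
    return problems
```

An empty list means every port's service-policy resolves down to a defined ACL; anything else names the broken link.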
Protocol numbers
Number   Keyword          Protocol
=======  ===============  ==============
0        HOPOPT           IPv6 Hop-by-Hop Option
1        ICMP             Internet Control Message
2        IGMP             Internet Group Management
3        GGP              Gateway-to-Gateway
4        IP               IP in IP (encapsulation)
5        ST               Stream
6        TCP              Transmission Control
7        CBT              CBT
8        EGP              Exterior Gateway Protocol
9        IGP              any private interior gateway (used by Cisco for IGRP)
10       BBN-RCC-MON      BBN RCC Monitoring
11       NVP-II           Network Voice Protocol
12       PUP              PUP
13       ARGUS            ARGUS
14       EMCON            EMCON
15       XNET             Cross Net Debugger
16       CHAOS            Chaos
17       UDP              User Datagram
18       MUX              Multiplexing
19       DCN-MEAS         DCN Measurement Subsystems
20       HMP              Host Monitoring
21       PRM              Packet Radio Measurement
22       XNS-IDP          XEROX NS IDP
23       TRUNK-1          Trunk-1
24       TRUNK-2          Trunk-2
25       LEAF-1           Leaf-1
26       LEAF-2           Leaf-2
27       RDP              Reliable Data Protocol
28       IRTP             Internet Reliable Transaction
29       ISO-TP4          ISO Transport Protocol Class 4
30       NETBLT           Bulk Data Transfer Protocol
31       MFE-NSP          MFE Network Services Protocol
32       MERIT-INP        MERIT Internodal Protocol
33       SEP              Sequential Exchange Protocol
34       3PC              Third Party Connect Protocol
35       IDPR             Inter-Domain Policy Routing Protocol
36       XTP              XTP
37       DDP              Datagram Delivery Protocol
38       IDPR-CMTP        IDPR Control Message Transport Proto
39       TP++             TP++ Transport Protocol
40       IL               IL Transport Protocol
41       IPv6             Ipv6
42       SDRP             Source Demand Routing Protocol
43       IPv6-Route       Routing Header for IPv6
44       IPv6-Frag        Fragment Header for IPv6
45       IDRP             Inter-Domain Routing Protocol
46       RSVP             Reservation Protocol
47       GRE              General Routing Encapsulation
48       MHRP             Mobile Host Routing Protocol
49       BNA              BNA
50       ESP              Encap Security Payload for IPv6
51       AH               Authentication Header for IPv6
52       I-NLSP           Integrated Net Layer Security TUBA
53       SWIPE            IP with Encryption
54       NARP             NBMA Address Resolution Protocol
55       MOBILE           IP Mobility
56       TLSP             Transport Layer Security Protocol using Kryptonet key management
57       SKIP             SKIP
58       IPv6-ICMP        ICMP for IPv6
59       IPv6-NoNxt       No Next Header for IPv6
60       IPv6-Opts        Destination Options for IPv6
61                        any host internal protocol
62       CFTP             CFTP
63                        any local network
64       SAT-EXPAK        SATNET and Backroom EXPAK
65       KRYPTOLAN        Kryptolan
66       RVD              MIT Remote Virtual Disk Protocol
67       IPPC             Internet Pluribus Packet Core
68                        any distributed file system
69       SAT-MON          SATNET Monitoring
70       VISA             VISA Protocol
71       IPCV             Internet Packet Core Utility
72       CPNX             Computer Protocol Network Executive
73       CPHB             Computer Protocol Heart Beat
74       WSN              Wang Span Network
75       PVP              Packet Video Protocol
76       BR-SAT-MON       Backroom SATNET Monitoring
77       SUN-ND           SUN ND PROTOCOL-Temporary
78       WB-MON           WIDEBAND Monitoring
79       WB-EXPAK         WIDEBAND EXPAK
80       ISO-IP           ISO Internet Protocol
81       VMTP             VMTP
82       SECURE-VMTP      SECURE-VMTP
83       VINES            VINES
84       TTP              TTP
85       NSFNET-IGP       NSFNET-IGP
86       DGP              Dissimilar Gateway Protocol
87       TCF              TCF
88       EIGRP            EIGRP
89       OSPFIGP          OSPFIGP
90       Sprite-RPC       Sprite RPC Protocol
91       LARP             Locus Address Resolution Protocol
92       MTP              Multicast Transport Protocol
93       AX.25            AX.25 Frames
94       IPIP             IP-within-IP Encapsulation Protocol
95       MICP             Mobile Internetworking Control Pro.
96       SCC-SP           Semaphore Communications Sec. Pro.
97       ETHERIP          Ethernet-within-IP Encapsulation
98       ENCAP            Encapsulation Header
99                        any private encryption scheme
100      GMTP             GMTP
101      IFMP             Ipsilon Flow Management Protocol
102      PNNI             PNNI over IP
103      PIM              Protocol Independent Multicast
104      ARIS             ARIS
105      SCPS             SCPS
106      QNX              QNX
107      A/N              Active Networks
108      IPComp           IP Payload Compression Protocol
109      SNP              Sitara Networks Protocol
110      Compaq-Peer      Compaq Peer Protocol
111      IPX-in-IP        IPX in IP
112      VRRP             Virtual Router Redundancy Protocol
113      PGM              PGM Reliable Transport Protocol
114                       any 0-hop protocol
115      L2TP             Layer Two Tunneling Protocol
116      DDX              D-II Data Exchange (DDX)
117      IATP             Interactive Agent Transfer Protocol
118      STP              Schedule Transfer Protocol
119      SRP              SpectraLink Radio Protocol
120      UTI              UTI
121      SMP              Simple Message Protocol
122      SM               SM
123      PTP              Performance Transparency Protocol
124      ISIS over IPv4
125      FIRE
126      CRTP             Combat Radio Transport Protocol
127      CRUDP            Combat Radio User Datagram
128      SSCOPMCE
129      IPLT
130      SPS              Secure Packet Shield
131      PIPE             Private IP Encapsulation within IP
132      SCTP             Stream Control Transmission Protocol
133      FC               Fibre Channel
134-254                   unassigned
255                       reserved