邮件服务器-邮件系统-邮件技术论坛(BBS)

标题: 3550如何控制流量（在线等) [打印本页]

---

作者: gdsnake    时间: 2005-7-20 15:26
标题: 3550如何控制流量（在线等)
这里的出口是一台cisco3550，最近老有人用变态下载，想对其中的一个端口作流量限制，怎么做？

---

作者: 独孤文昌    时间: 2005-7-21 16:41
标题: re:Building configurati...
Building configuration...<br>
<br>
Current configuration : 5488 bytes<br>
!<br>
version 12.1<br>
no service pad<br>
service timestamps debug uptime<br>
service timestamps log uptime<br>
service password-encryption<br>
!<br>
hostname cr20g<br>
!<br>
enable secret 5 $1$Xtuj$E.l2l.ev7mOCVtwPeEXz1.<br>
enable password 7 08771A1D5A4152404B0805172924<br>
!<br>
username jary password 7 070C285F4D0648564E43595B5D7E797179<br>
ip subnet-zero<br>
ip routing<br>
!<br>
mls qos<br>
!<br>
class-map match-all part6<br>
match access-group 116<br>
class-map match-all part5<br>
match access-group 115<br>
class-map match-all part4<br>
match access-group 114<br>
class-map match-all part3<br>
match access-group 113<br>
class-map match-all part2<br>
match access-group 112<br>
!<br>
!<br>
policy-map download<br>
class part2<br>
police 1000000 8000 exceed-action drop<br>
class part3<br>
police 1800000 8000 exceed-action drop<br>
class part4<br>
police 496000 8000 exceed-action drop<br>
class part5<br>
police 496000 8000 exceed-action drop<br>
class part6<br>
police 800000 8000 exceed-action drop<br>
!<br>
!<br>
spanning-tree mode pvst<br>
spanning-tree extend system-id<br>
!<br>
!<br>
!<br>
interface FastEthernet0/1<br>
switchport mode access<br>
!<br>
interface FastEthernet0/2<br>
switchport mode access<br>
!<br>
interface FastEthernet0/3<br>
switchport mode access<br>
!<br>
interface FastEthernet0/4<br>
switchport mode access<br>
!<br>
interface FastEthernet0/5<br>
switchport mode access<br>
!<br>
interface FastEthernet0/6<br>
switchport mode access<br>
!<br>
interface FastEthernet0/7<br>
switchport mode access<br>
!<br>
interface FastEthernet0/8<br>
switchport mode access<br>
!<br>
interface FastEthernet0/9<br>
switchport mode access<br>
!<br>
interface FastEthernet0/10<br>
switchport mode access<br>
!<br>
interface FastEthernet0/11<br>
switchport access vlan 2<br>
switchport mode access<br>
service-policy input download<br>
!<br>
interface FastEthernet0/12<br>
switchport access vlan 2<br>
switchport mode access<br>
service-policy input download<br>
!<br>
interface FastEthernet0/13<br>
switchport access vlan 2<br>
switchport mode access<br>
service-policy input download<br>
!<br>
interface FastEthernet0/14<br>
switchport access vlan 3<br>
switchport mode access<br>
service-policy input download<br>
!<br>
interface FastEthernet0/15<br>
switchport access vlan 4<br>
switchport mode access<br>
service-policy input download<br>
!<br>
interface FastEthernet0/16<br>
switchport access vlan 5<br>
switchport mode access<br>
service-policy input download<br>
!<br>
interface FastEthernet0/17<br>
switchport access vlan 6<br>
switchport mode access<br>
service-policy input download<br>
!<br>
interface FastEthernet0/18<br>
switchport access vlan 6<br>
switchport mode access<br>
service-policy input download<br>
!<br>
interface FastEthernet0/19<br>
switchport mode access<br>
!<br>
interface FastEthernet0/20<br>
switchport mode access<br>
!<br>
interface FastEthernet0/21<br>
switchport mode access<br>
!<br>
interface FastEthernet0/22<br>
switchport mode access<br>
!<br>
interface FastEthernet0/23<br>
switchport mode access<br>
!<br>
interface FastEthernet0/24<br>
switchport mode access<br>
!<br>
interface GigabitEthernet0/1<br>
switchport mode dynamic desirable<br>
!<br>
interface GigabitEthernet0/2<br>
switchport mode dynamic desirable<br>
!<br>
interface Vlan1<br>
ip address 192.168.0.254 255.255.255.0<br>
!<br>
interface Vlan2<br>
ip address 192.168.2.1 255.255.255.0<br>
!<br>
interface Vlan3<br>
ip address 192.168.3.1 255.255.255.0<br>
!<br>
interface Vlan4<br>
ip address 192.168.4.1 255.255.255.0<br>
!<br>
interface Vlan5<br>
ip address 192.168.5.1 255.255.255.0<br>
!<br>
interface Vlan6<br>
ip address 192.168.6.1 255.255.255.0<br>
!<br>
ip default-gateway 192.168.0.1<br>
ip classless<br>
ip route 0.0.0.0 0.0.0.0 192.168.0.1<br>
ip http server<br>
!<br>
!<br>
access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255<br>
access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255<br>
access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255<br>
access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.6.0 0.0.0.255<br>
access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255<br>
access-list 112 permit ip 192.168.2.0 0.0.0.255 any<br>
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255<br>
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255<br>
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255<br>
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255<br>
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.6.0 0.0.0.255<br>
access-list 113 permit ip 192.168.3.0 0.0.0.255 any<br>
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255<br>
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255<br>
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255<br>
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255<br>
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255<br>
access-list 114 permit ip 192.168.4.0 0.0.0.255 any<br>
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.0.0 0.0.0.255<br>
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.2.0 0.0.0.255<br>
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255<br>
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255<br>
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255<br>
access-list 115 permit ip 192.168.5.0 0.0.0.255 any<br>
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.0.0 0.0.0.255<br>
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.2.0 0.0.0.255<br>
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.3.0 0.0.0.255<br>
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255<br>
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255<br>
access-list 116 permit ip 192.168.6.0 0.0.0.255 any<br>
!<br>
line con 0<br>
password 7 14141B180F0B7B787D7961627B47554352<br>
logging synchronous<br>
login<br>
line vty 0 4<br>
password 7 104D000A061843585555787C7D7C616073<br>
login<br>
line vty 5 15<br>
password 7 104D000A061843585555787C7D7C616073<br>
login<br>
!<br>
end<br>
<br>

---

作者: Herson    时间: 2005-7-29 09:20
标题: re:沒明白誒...請求說明
沒明白誒...<br>
請求說明

---

作者: smallbigbox    时间: 2005-8-26 10:51
标题: re:做了下载限制的说--police 180...
做了下载限制的说--police 1800000 8000 exceed-action drop<br>
<br>
如果真的要关闭bt,还是需要关端口,除了个别的应用,把高层的动态端口尽量关闭<br>

---

欢迎光临 邮件服务器-邮件系统-邮件技术论坛(BBS) (http://www.5dmail.cn/bbs/)

Powered by Discuz! X3.2