• / 5
  • 下载费用:10 金币  

防火墙限速.doc

关 键 词:
防火墙限速.doc
资源描述:
方法一:相同出入流量.access-list 121 extended permit ip host 192.168.123.253 any access-list 121 extended permit ip any host 192.168.123.253 access-list 128 extended permit ip host 192.168.1.128 any access-list 128 extended permit ip any host 192.168.1.128 access-list 129 extended permit ip host 192.168.1.129 any access-list 129 extended permit ip any host 192.168.1.129 access-list 130 extended permit ip host 192.168.1.130 any access-list 130 extended permit ip any host 192.168.1.130class-map class_133match access-list 133class-map class_144match access-list 144class-map class_155match access-list 155class-map class_132match access-list 132class-map class_145match access-list 145policy-map policy_qosclass class_130police 256000 16000class class_131police 256000 16000class class_132police 256000 16000class class_133police 256000 16000class class_134police 256000 16000class class_135police 256000 16000class class_136police 256000 16000class class_137police 256000 16000class class_138police 256000 16000class class_139police 256000 16000class class_140police 256000 16000service-policy policy_qos interface inside由于 ASA 做了 NAT 所以限速策略无法做在 OUTSIDE 的入方向上(貌似列表写内网地址无效,没有命中,我估计是由于在 OUTSIDE 方向上做了NAT 的缘故,回包的目的是外网地址) 。没有办法只有做在 INSIDE 的出方向上,内网地址是 172.7.7.0/24 的我自己的地址是 111。配置如下access-list all extended deny ip any host 172.7.7.111 access-list all extended permit ip any 172.7.7.0 255.255.255.0 class-map allmatch access-list allpolicy-map allclass allpolice output 1500000 187500service-policy all interface inside公司总共 2M 的带宽,我只要 500K 就可以了,所以做了这么一个限速。可是最后的结果是Interface inside:Service-policy: allClass-map: allOutput police Interface inside:cir 1500000 bps, bc 187500 bytesconformed 93093 packets, 93188983 bytes; actions: transmitexceeded 0 packets, 0 bytes; actions: dropconformed 642056 bps, exceed 0 bpsiscoasa(config)# show interface Interface Vlan1 “inside“, is up, line protocol is upHardware is EtherSVIMAC address 001f.cabb.a1c5, MTU 1500IP address 172.7.7.7, subnet mask 255.255.255.0Traffic Stati
展开阅读全文
  微传网所有资源均是用户自行上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作他用。
0条评论

还可以输入200字符

暂无评论,赶快抢占沙发吧。

关于本文
本文标题:防火墙限速.doc
链接地址:https://www.weizhuannet.com/p-9503302.html
微传网是一个办公文档、学习资料下载的在线文档分享平台!

微传网博客

网站资源均来自网络,如有侵权,请联系客服删除!

 网站客服QQ:80879498  会员QQ群:727456886

copyright@ 2018-2028 微传网络工作室版权所有

     经营许可证编号:冀ICP备18006529号-1 ,公安局备案号:13028102000124

收起
展开