[ AdiX @ 22.12.2009. 21:43 ] @
Hello,
I have a Cisco 861 router. On it I need to limit bandwidth per IP address and block several destination IP addresses.
The per-IP limit works, but dropping the destination IP addresses does not. Configuration:
************************************************************************

!
class-map match-all Limit-256K
 match access-group 102
class-map match-all Limit-1M
 match access-group 100
class-map match-all Limit-512K
 match access-group 101
class-map match-all Limit-128K
 match access-group 103
class-map match-all QOS
!
!
policy-map Limit-128K
 class Limit-128K
policy-map QOS
 class Limit-1M
  police 1000000 conform-action transmit exceed-action drop
 class Limit-512K
  police 512000 conform-action transmit exceed-action drop
 class Limit-256K
  police 256000 conform-action transmit exceed-action drop
 class Limit-128K
  police 128000 conform-action transmit exceed-action drop
!

interface FastEthernet4
 ip address 10.10.0.xx 255.255.255.0
 duplex auto
 speed auto
 service-policy input QOS
!
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.10.0.xx
no ip http server
no ip http secure-server
!
!
access-list 100 permit ip host 192.168.1.1 any
access-list 100 permit ip any host 192.168.1.1
access-list 100 permit ip host 192.168.1.2 any
access-list 100 permit ip any host 192.168.1.2
************************************************************************

To drop the destination IPs I used an ACL, e.g. access-list 100 deny ip any host xxx.xxx.xxx.xxx

What is the problem?

Thanks and regards.

[ djk494 @ 23.12.2009. 08:51 ] @
ACL 100 is used to match traffic in the class-map Limit-1M, which means that if you put a deny in it, that traffic simply will not be matched and the service-policy will not be applied to it. You need a separate ACL for filtering that has nothing to do with QOS and that you apply directly to the interface.

Regards,
Vedran
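
The separation described in the reply above, written out as an added example (not part of the original posts and not the poster's final configuration). The ACL name BLOCK-DEST and the 203.0.113.x hosts are placeholders, and applying it inbound on Vlan1 assumes the clients sit on the 192.168.1.0/24 LAN shown in the posted configuration.

```cisco
! Added example. BLOCK-DEST and the 203.0.113.x hosts are placeholders
! (RFC 5737 documentation range), not values from the thread.
!
! What was tried: a deny entry in the QoS classification ACL.
! In an ACL referenced by "match access-group", deny only means
! "this packet is not part of the class", so the packet is still
! forwarded, just without the policer being applied to it:
!   access-list 100 deny ip any host 203.0.113.10
!
! Separate filtering ACL, independent of the class-maps.
! Every ACL ends with an implicit "deny ip any any", so the final
! permit is required or all other traffic is dropped as well.
ip access-list extended BLOCK-DEST
 deny   ip any host 203.0.113.10
 deny   ip any host 203.0.113.20
 permit ip any any
!
! Assumption: clients are on the Vlan1 LAN, so filter inbound there
! and the packets are dropped before they are routed.
interface Vlan1
 ip access-group BLOCK-DEST in
!
! ACLs 100-103 stay as they are and keep serving only as classifiers
! for "service-policy input QOS" on FastEthernet4.
!
! Verification from exec mode:
!   show ip access-lists BLOCK-DEST   (match counters per entry)
!   show ip interface Vlan1           (shows the inbound access list)
```

Rising match counters on the deny entries confirm that the filter, not the QoS policy, is the one dropping the traffic.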
[ AdiX @ 25.12.2009. 16:26 ] @
Thanks for the answer, that is the solution.