针对应用最为广泛的思科路由器来说,经常因为功能限制或者抵制黑客攻击,需要对特定的某些ip地址或者一个网段进行速度限制,这时候该怎么办呢?下文就一一解除您的疑惑。
针对某些特定ip地址的限制速度的方法:
1)设置ACL
access-list 102 permit ip host 192.168.10.2 any
access-list 102 permit ip any host 192.168.10.2
access-list 103 permit ip host 192.168.10.3 any
access-list 103 permit ip any host 192.168.10.3
2)定义类
class-map match-all 102
match access-group 102
class-map match-all 103
match access-group 103
3)将类加入策略中
policy-map xiansu
class 102
police 1024000 128000 conform-action transmit exceed-action drop
class http://www.luyouqiwang.com/14225/ 103
police 1024000 128000 conform-action transmit exceed-action drop
4)将策略加入端口中
interface FastEthernet0/0
service-policy input xiansutest
service-policy output xiansutest
针对某个网段进行限速(限定的是总带宽)的方法:
1)设置ACL
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
access-list 102 permit ip any 192.168.10.0 0.0.0.255
2)定义类
class-map match-all 110
match access-group 110
3)设置策略
policy-map xiansu110
class 110
police 10240000 1280000 conform-action transmit exceed-action drop
4)将策略加入端口
interface FastEthernet0/0
service-policy input xiansu110
service-policy output xiansu110 |