• Как нарезать скорость на cisco абонентам?

    @alexanderkachkin Автор вопроса
    @dubidrubi:
    ok

    acl 20 используется для нат, чтобы ограничить доступ тем, кто не получил по dhcp ip
    из конфига ip dhcp pool убрал, если надо, то тоже покажу

    а по rate-limit следующая задумка: нарезаю полосу и раскидываю ip по acl, но при перекидывании ip между разными acl rate-limit отрабатывает некорректно
    вот, например, у меня адрес 192.168.0.111 все еще ходит вовне с ограничением 1 Мбит, хотя по конфигу уже не должен лимитироваться
    ----------------------------

    !
    ! Last configuration change at 17:55:18 UTC Thu Oct 30 2014
    ! NVRAM config last updated at 14:50:55 UTC Tue Oct 28 2014
    ! NVRAM config last updated at 14:50:55 UTC Tue Oct 28 2014
    ! Global section of the posted running-config (IOS 15.1). Secrets, the
    ! name-server address and the serial number were stripped by the poster.
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    ! Type 7 "encryption" is reversible obfuscation, not protection: treat any
    ! "password 7" string as plaintext when a config is shared or backed up.
    service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    ! Type 5 is a salted MD5-based hash (value removed in the post). Releases
    ! that support a stronger secret type should use it instead.
    enable secret 5
    !
    ! AAA is off: authentication falls back to the shared line passwords below,
    ! with no per-user accounts or accounting.
    no aaa new-model
    !
    no ipv6 cef
    ! IP source-route options are honoured here; edge routers normally turn
    ! this off with "no ip source-route" so a sender cannot dictate the path.
    ip source-route
    ip cef
    !
    !
    !
    !
    ! NetFlow active-flow export timeout of 1 minute.
    ip flow-cache timeout active 1
    ip name-server
    multilink bundle-name authenticated
    !
    !
    crypto pki token default removal timeout 0
    !
    !
    license udi pid CISCO2951/K9 sn
    !
    !
    !
    !
    !
    !
    !
    !
    ! Interface section: one LAN port carrying NAT inside, NetFlow and the CAR
    ! policers, one WAN port (address removed in the post), two ports shut down.
    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    !
    interface GigabitEthernet0/0
    description LAN
    ip address 192.168.0.1 255.255.255.0
    ip flow ingress
    ip flow egress
    ip nat inside
    ip virtual-reassembly in
    ! CAR policers. Arguments are: rate in bps, normal burst in bytes, maximum
    ! burst in bytes. Statements are evaluated in the order listed and a packet
    ! stops at the first statement it matches when the action is transmit/drop,
    ! so a host matched by an earlier ACL never reaches a later, faster tier.
    ! NOTE(review): access-group 111 is referenced first in both directions, but
    ! no "access-list 111" appears in this posted config. Confirm how this
    ! release treats an undefined ACL in rate-limit; if it matches all traffic,
    ! every host is held to the 1 Mbit/s tier regardless of the ACLs below.
    rate-limit input access-group 111 1024000 192000 384000 conform-action transmit exceed-action drop
    rate-limit input access-group 131 5120000 960000 1920000 conform-action transmit exceed-action drop
    rate-limit input access-group 141 15360000 2880000 5760000 conform-action transmit exceed-action drop
    rate-limit input access-group 151 25600000 4800000 9600000 conform-action transmit exceed-action drop
    rate-limit input access-group 121 2048000 384000 768000 conform-action transmit exceed-action drop
    rate-limit output access-group 111 1024000 192000 384000 conform-action transmit exceed-action drop
    rate-limit output access-group 131 5120000 960000 1920000 conform-action transmit exceed-action drop
    rate-limit output access-group 141 15360000 2880000 5760000 conform-action transmit exceed-action drop
    rate-limit output access-group 151 25600000 4800000 9600000 conform-action transmit exceed-action drop
    rate-limit output access-group 121 2048000 384000 768000 conform-action transmit exceed-action drop
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/1
    description WAN
    ! No "ip access-group ... in" is shown on the Internet-facing port, so
    ! nothing visible here filters traffic addressed to the router itself
    ! (vty lines, DNS service). Confirm whether a filter exists elsewhere.
    ip address
    ip flow ingress
    ip flow egress
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/2
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    ! Services, NAT and the access lists used for NAT selection and CAR tiers.
    ip forward-protocol nd
    !
    ! Web management is disabled on both HTTP and HTTPS.
    no ip http server
    no ip http secure-server
    !
    ! The router answers DNS queries itself. With no inbound filter visible on
    ! the WAN port it may be reachable as an open resolver from the Internet;
    ! restrict who can query it if that is not intended.
    ip dns server
    ! ACL 20 only selects which inside sources get translated (PAT on the WAN
    ! address). It is not a packet filter: a host outside the list is simply
    ! not translated, and any subscriber who statically configures a permitted
    ! address is treated as that subscriber. Real per-host access control needs
    ! an interface ACL or a DHCP-snooping/source-guard style control on the
    ! access switch - TODO confirm what the LAN side provides.
    ip nat inside source list 20 interface GigabitEthernet0/1 overload
    ip route 0.0.0.0 0.0.0.0
    !
    access-list 20 permit 192.168.0.111
    access-list 20 permit 192.168.0.100
    access-list 20 permit 192.168.0.11
    access-list 20 permit 192.168.0.12
    access-list 20 permit 192.168.0.13
    access-list 20 permit 192.168.0.14
    access-list 20 permit 192.168.0.15
    access-list 20 permit 192.168.0.24
    access-list 20 permit 192.168.0.25
    access-list 20 permit 192.168.0.26
    access-list 20 permit 192.168.0.27
    access-list 20 permit 192.168.0.28
    access-list 20 permit 192.168.0.16
    access-list 20 permit 192.168.0.17
    access-list 20 permit 192.168.0.18
    access-list 20 permit 192.168.0.19
    access-list 20 permit 192.168.0.20
    access-list 20 permit 192.168.0.21
    access-list 20 permit 192.168.0.22
    access-list 20 permit 192.168.0.23
    ! Explicit form of the implicit deny that ends every ACL.
    access-list 20 deny any
    ! CAR tier ACLs: one subscriber per tier, matched in both directions
    ! (to the host and from the host). ACLs 121/131/141/151 are defined here;
    ! ACL 111, which the LAN interface references first, is not.
    access-list 121 permit ip any host 192.168.0.11
    access-list 121 permit ip host 192.168.0.11 any
    access-list 131 permit ip any host 192.168.0.20
    access-list 131 permit ip host 192.168.0.20 any
    access-list 141 permit ip any host 192.168.0.21
    access-list 141 permit ip host 192.168.0.21 any
    access-list 151 permit ip any host 192.168.0.22
    access-list 151 permit ip host 192.168.0.22 any
    !
    !
    !
    control-plane
    !
    !
    !
    ! Management lines. All logins use a shared line password stored as type 7
    ! (reversible; values removed in the post) - there are no per-user accounts.
    line con 0
    password 7
    login
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    ! "transport input all" accepts Telnet, so the line password crosses the
    ! network in cleartext. No "access-class" is shown, so any address that can
    ! reach the router may attempt a login. Hardening usually means
    ! "transport input ssh", an "access-class" limiting management sources,
    ! per-user authentication ("login local" or AAA) and an "exec-timeout".
    line vty 0 4
    password 7
    login
    transport input all
    ! Same exposure repeated on 854 further vty lines (5-858); confirm that
    ! many concurrent remote sessions are actually needed.
    line vty 5 858
    password 7
    login
    transport input all
    !
    scheduler allocate 20000 1000
    end
  • Как нарезать скорость на cisco абонентам?

    @alexanderkachkin Автор вопроса
    @dubidrubi: нет, остался ACL, но в нем уже другие адреса, строчки с 192.168.0.11 убрал, rate-limit на интерфейсе не трогал вообще, а надо?
  • Как нарезать скорость на cisco абонентам?

    @alexanderkachkin Автор вопроса
    @dubidrubi:
    перенес 192.168.0.11 в acl 102, чтобы скорость у него была два мегабита, но у 192.168.0.11 все еще 1 мбит

    ! ACL 102 is the 2 Mbit/s tier (see "matches: access-group 102" in the
    ! show output below). CAR evaluates rate-limit statements in order and the
    ! output lists access-group 101 first, so a host that ACL 101 still matches
    ! stays on the 1 Mbit/s policer - verify with "show access-lists 101".
    access-list 102 permit ip any host 192.168.0.11
    access-list 102 permit ip host 192.168.0.11 any
    access-list 102 permit ip any host 192.168.0.13
    access-list 102 permit ip host 192.168.0.13 any

    router(config)#do sho interfaces gi0/0 rate-li
    GigabitEthernet0/0 LAN
    Input
    matches: access-group 101
    params: 1024000 bps, 192000 limit, 384000 extended limit
    conformed 481346 packets, 144427511 bytes; action: transmit
    exceeded 26180 packets, 14331025 bytes; action: drop
    last packet: 27832ms ago, current burst: 0 bytes
    last cleared 1d21h ago, conformed 7035 bps, exceeded 698 bps
    matches: access-group 102
    params: 2048000 bps, 384000 limit, 768000 extended limit
    conformed 1363702 packets, 181395745 bytes; action: transmit
    exceeded 3473 packets, 5056918 bytes; action: drop
    last packet: 4ms ago, current burst: 0 bytes
    last cleared 1d21h ago, conformed 8868 bps, exceeded 247 bps
    Output
    matches: access-group 101
    params: 1024000 bps, 192000 limit, 384000 extended limit
    conformed 440322 packets, 391778194 bytes; action: transmit
    exceeded 39303 packets, 55040757 bytes; action: drop
    last packet: 27840ms ago, current burst: 132 bytes
    last cleared 1d21h ago, conformed 19036 bps, exceeded 2674 bps
    matches: access-group 102
    params: 2048000 bps, 384000 limit, 768000 extended limit
    conformed 1654863 packets, 2042M bytes; action: transmit
    exceeded 111856 packets, 154123754 bytes; action: drop
    last packet: 4ms ago, current burst: 413459 bytes
    last cleared 1d21h ago, conformed 99884 bps, exceeded 7535 bps
  • Как нарезать скорость на cisco абонентам?

    @alexanderkachkin Автор вопроса
    @dubidrubi: подскажите, перенес абонента из 101 в 102 группу, а скорость режется все так же, как будто он в 101 группе. Как обновить политику rate-limit?
  • Как нарезать скорость на cisco абонентам?

    @alexanderkachkin Автор вопроса
    @dubidrubi: нет, так не хотел, решение опубликовал, спасибо
  • Как нарезать скорость на cisco абонентам?

    @alexanderkachkin Автор вопроса
    access-list 2 permit 192.168.0.11