How do Cisco switches limit BT downloads?

How do I make a QoS-limiting configuration under the Cisco switch? How to limit BT downloads? This blog will be detailed with examples.

Example 1: QoS speed limits on Cisco switches

For the switch on the user's bandwidth control, the switch is usually 10/100/1000, three kinds of speed, for other rates need to carry out the speed limit of QoS, you can also limit some ports, to do a strategy, some ports to limit.

First, network description

The USER1_PC1 is connected to the CISCO3560F0/1 and the rate is 1M;

Ip_add192.168.1.1/24

The USER2_PC2 is connected to the CISCO3560F0/2 and the rate is 2M;

Ip_add192.168.2.1/24

The G0/1 of the Cisco3560 is an outlet, or a cascade port.

Second, the detailed configuration process

Note: Each interface supports only one policy, and one policy can be used for multiple interfaces. Therefore, the download rate limit for all PCs should be defined in the same policy (in this case, Policy-mapuser-down), while the difference between PC rates is defined separately in Class-map.

1, on the switch to start QoS

Switch (config) #mlsqos//Start QoS on the switch

2, respectively define PC1 (192.168.1.1) and PC2 (192.168.2.1) Access Control List

Switch (config) #access-list1permit192.168.1.00.0.0.255//control PC1 uplink flow

Switch (config) #access-list101permitany192.168.1.00.0.0.255//control PC1 downlink Traffic

Switch (config) #access-list2permit192.168.1.200.0.0.255//control PC2 Uplink flow

Switch (config) #access-list102permitany192.168.2.10.0.0.255//control PC2 downlink Traffic

3. Define the class and bind to the Access control list defined above

Switch (config) #class-mapuser1-up//defines the PC1 uplink class and binds access to the list 1

Switch (config-cmap) #matchaccess-group1

Switch (Config-cmap) #exit

Switch (config) #class-mapuser2-up

Switch (config-cmap) #matchaccess-group2//define the PC2 uplink class and bind access list 2

Switch (Config-cmap) #exit

Switch (config) #class-mapuser1-down

Switch (CONFIG-CMAP) #matchaccess-group101//defines the PC1 down class and binds to access list 101

Switch (Config-cmap) #exit

Switch (config) #class-mapuser2-down

Switch (CONFIG-CMAP) #matchaccess-group102//defines the PC2 down class and binds to access list 102

Switch (Config-cmap) #exit

4, define the policy, bind the class defined above to the policy

Switch (config) #policy-mapuser1-up//defines a PC1 uplink rate of 1M, over discarded

Switch (config-pmap) #classuser1-up

Switch (config-pmap-c) #trustdscp

Switch (config-pmap-c) #police10000001000000exceed-actiondrop

Switch (config) #policy-mapuser2-up//defines a PC2 uplink speed of 2M, over discarded

Switch (config-pmap) #classuser2-up

Switch (config-pmap-c) #trustdscp

Switch (config-pmap-c) #police20000002000000exceed-actiondrop

Switch (config) #policy-mapuser-down

Switch (config-pmap) #classuser1-down

Switch (config-pmap-c) #trustdscp

Switch (config-pmap-c) #police10000001000000exceed-actiondrop

Switch (config-pmap-c) #exit

Switch (config-pmap) #classuser2-down

Switch (config-pmap-c) #trustdscp

Switch (config-pmap-c) #police20000002000000exceed-actiondrop

Switch (config-pmap-c) #exit

5, the application of the strategy on the interface

Switch (config) #interfacef0/1

Switch (config-if) #service-policyinputuser1-up

Switch (config) #interfacef0/2

Switch (config-if) #service-policyinputuser2-up

Switch (config) #interfaceg0/1

Switch (config-if) #service-policyinputuser-down

Example 2: A QoS configuration instance that restricts BT downloads

First, find the BT program open connection port, the default is 6881 to 6889.

Second, the LAN often pull BT IP statistics out, set up extended access list as follows:

extendedipaccesslistbtdownloadpermittcpanyhost192.168.1.120range68816889

permittcpanyhost192.168.1.135range68816889permittcpanyhost192.168.1.146

Range68816889permittcpanyhost192.168.1.159range68816889permittcpanyhost

192.168.1.211range68816889permittcpanyhost192.168.1.223range68816889

Iii. Establishment of CLASS-MAPCLASS_BT

Cisco (config) #class-mapclass_btcisco (config-cmap) #matchaccess-groupnamebtdownload

Iv. establishment of POLICY-MAPQOS_BT for speed limits

Cisco (config) #policy-mapqos_btcisco (config-pmap) #classclass_btCisco (config-pmap-c) # Police50000008000exceed-actiondrop

Five, the QoS configuration is complete, but in the application of QoS to the end, to understand a concept, the QoS mechanism can not coexist with the FlowControl (flow control) function on the same port. About flowcontrol--flow control is enabled on a direct-attached Ethernet port, allowing nodes that are congested at the other end to suspend the link operation to control the flow rate during congestion. If a port is congested and cannot receive any more traffic, he notifies the end port to stop sending until the congestion disappears. When the local device detects any congestion locally, he is able to send a pause frame to notify the link partner or remote device that congestion has occurred. Immediately after the pause frame is received, the remote device stops sending any packets, which prevents any packets from being discarded during congestion. Flow control can be designed in two ways, symmetric and asymmetric. Symmetric design is suitable for point-to-point links, and asymmetric design is suitable for radiation-type node connections. The hub router in the radiation node can interrupt the end system, but not the other way. Use the command to set the send or receive pause frame for an interface to on,off or desired. (interface) Flowcontrol{receive|send}{on|off|desired} The default Fast Ethernet port is Receiveoff and sendoff. On the Catalyst3550 switch, the GBT port can receive and send a paused frame, and the Fast Ethernet port can only receive paused frames. Therefore, for Fast Ethernet ports, only sendoff can be used to describe their state.

Six, apply QoS to the appropriate port

Cisco (config-if) #service-POLICYINPUTQOS_BT

QoS other Content

QoS configuration Four steps:

1, set the ACL matching application traffic;

2, set the Class-map to match the corresponding ACL or the corresponding port and so on, but the general matching ACL;

3, set Policy-map matching Class-map, and then set a regular action;

4, bind the Policy-map to the appropriate interface.

Of course, it should be noted that QoS has been global enable, by default, QoS first is disable. Use the global command Mlsqos to enable, and you can see whether to enable by Showmlsqos. (mls:multilayerswitchinginformation)

Detailed QoS commands

Basicintroduction

Marking is to modify the IP priority or DSCP, but because the IP priority and DSCP are both occupied TOS fields, the latter is equivalent to the extension of the former, so cannot be

When both values are set, only the value of IPDSCP is in effect.

Tags are the basis for many of the following QoS policy applications, using POLICYMAP.

Configurations

1. Define Classmap

Classmap is a matching table, similar to ACLs. All Policymap are essentially operations on the Classmap.

Nimokaka (config) #class-map[match-all|match-any]{map-name}----parameters in the Match-all to match all conditions, match-any indicate that at least one condition is met

2.classmap Matching

Nimokaka (CONFIG-CMAP) #

Matchaccess-group{acl}――――――――――――――― matching Ipacl (mainly is the corresponding packet)

Matchprotocol{protocol}――――――――――――――― Matching Protocol (this is used in nbar-based on Web applications)

Matchinput-interface{interface}――――――――――――――― Matching Inbound interface

Matchqos-group{groupid}――――――――――――――― Match Group ID (do not know what to do)

Matchdestination-address{macmac-address}――――――――――――――― Match Destination MAC address

Matchsource-address{macmac-address}――――――――――――――― Matching Source MAC address

Matchip{dscpdscp}―――――――――――――――――――― Matching IPDSCP value

Matchip{precedenceprecedence}――――――――――――――― Matching IP priority

Matchclass-map{map-name}――――――――――――――― matching Classmap (Classmap nesting)

Matchvlan{vlan-id}――――――――――――――― Matching VLAN

3. Set Policymap

Nimokaka (config) #policy-map{policy-name}

Nimokaka (Config-pmap) #class {Class-map}

4. Configure priority and DSCP values

Nimokaka (CONFIG-PMAP-C) #

Some action options for labeling:

Setip{precedenceprecedence}――――――――――――――― Set IP Priority

Setip{dscpdscp}――――――――――――――― Set IPDSCP value

Setqos-group{groupid}――――――――――――――― Set Group ID

setcos{cos}――――――――――――――― Set COS value

Priority{kbps|percentpercent}[bc]――――――――――――――― defines the reserved bandwidth (kbor%) of priority traffic and burst traffic

Bandwidth{kbps|percentpercent}――――――――――――――― defines the reserved bandwidth (kbor%)

Police{cirbcbe}conform-action{action}exceed-action{action}[violate-action{action}]―――― using token bucket algorithm for speed limits

Random-detect Enable wred

Queue-limit{packets} defines the maximum number of packets in a queue

Service-policy{policy-map} using a different policy to nest, as a match statement

SHAPE{AVERAGE|PEAK}{CIR[BC][BE]} define CIR,BC and be to perform an orthopedic

5. Hook configuration to interface

Nimokaka (config-if) service-policy[input|output]policy-name

6. Check the configuration

Nimokaka#showpolicy-map[policy-name]

To view policymap information for an interface:

Nimokaka#showpolicy-mapinterface[interface]

Case

Set the IP priority of the outbound Telnet traffic from 192.168.10.0/24 to 5, and the other outbound traffic has the IP priority set to 1:

Access-list100permittcp192.168.10.00.0.0.255anyeqtelnet

Class-mapmatch-alltelnet

matchaccess-group100

Policy-mapnimokaka

Classtelnet

Setipprecedence5

Classclass-default

Setipprecedence1

InterfaceSerial1

clockrate100

Noshut

ipaddress1.1.1.1255.255.255.252

Service-policyoutputnimokaka

Ps

Class-map nesting: There are two reasons: to invoke an existing classmap when creating Classmap

1, easy to manage, on the basis of existing to add a modification to smooth over.

2. Allow the user to use matching all (Match-all) and match any (match-any) in the same classmap.

For example, 4 matching criteria: A, B, C, and D. Now you want Classmap to match a, or match B, or both C and D, you can use Classmap nesting:

Create a new classmap, defined to match all (Match-all) new criteria for matching E to match both C and D; then define another match for any

(Match-any) Classmap, to match a, or B, or E (that is, match both C and D).

Configuration method for Switch QoS (cisco3550/3560, cisco3750)

(i) Configuring traffic classification and policy

1. Global #class-map[match-all (default: Fully compliant)/match-any]――― (establish a Traffic classification strategy)

2.map#matchaccess-group―――――― (traffic classification using ACLs, can be configured repeatedly)

3.map#matchinput-interface< Interface >―――――― (traffic classification based on interface)

4.map#matchvlan<#>―――――――――――― (traffic classification based on VLAN)

5.map#matchprotocol......―――――――― (Traffic classification based on protocol)

(ii) Defining strategies

1. Global #policy-map―――――――――――― (Create a policy file)

2.pm#class――――――――――― (defines the classified traffic as a strategy)

3.pm-c#bandwidth< Value/Percent >―――――――――――――― (used to set the bandwidth ratio of the weight * Occupancy interface)

4.pm-c#setipprecedence<0-7>――――――――――――― (Set marking value)

5.pm-c#setcos ...

6.PM-C#SETDSCP ...

(iii) Load strategy

1. Interface #service-policy―――――――――― (load policy on interface)

(iv) Global #mlsqos―――――――――――――――――――――― (Open QoS feature)

(v) Interface #mlsqostrust―――――― (setting the trust State and trust boundary on the interface, processing according to policy if the corresponding marking value is received on the interface)

Eight. Display command

(i) #showclass-map

Configuration method of switch port speed limit (cisco3550/3560, cisco3750)

Mlsqos

!

Class-mapmatch-allipclass――――――――――――――――― all crawl All traffic

Matchipdscp0

!

!

policy-maprate-256k

Classipclass

Police25600020000exceed-actiondrop

policy-maprate-512k

Classipclass

Police51200020000exceed-actiondrop

Policy-maprate-2m

Classipclass

Police2096000200000exceed-actiondrop

policy-maprate-6m

Classipclass

Police6296000600000exceed-actiondrop

policy-maprate-4m

Classipclass

Police4200000300000exceed-actiondrop

policy-maprate-800m

Classipclass

Police800000000800000exceed-actiondrop――― definition policy-map,800m Start time delay increase, after reaching 800.8M start discard (packet loss)

Interfacefastethernet0/22

Service-policyinputrate-256k――――――――――――――――――― apply policy to switch ports

service-policyoutputrate-256k Original Blog Address: http://hi.baidu.com/5ijsj/item/2cdce81ab87fcd08e75c361c

(ii) #showpolicy-map

(iii) #showpolicy-mapinterface< interface >―――――――――― (Display interface load policy)