Ip speed limit of a Cisco Router

In this experiment, the speed limiting device of a Cisco router is completed by a Cisco2811 router. In this experiment, we will first look at the flash: www.2cto.com yourname # dirDirectory of flash on the router in two ways: /1-rw-25438028 Oct 22 2010 02:25:58 + 02:26:08 c2800nm-ipbase-mz.124-15.T.bin2-rw-1505280 Oct 22 2010 02:26:16 + common.tar 3-rw-931840 Oct 22 2010 + es.tar 4-rw- 1038 Oct 22 2010 02:26:20 + 02:26:26 home.shtml 5-rw-112640 Oct 22 2010 + home.tar 6-rw-415956 Oct 22 2010 02:26:34 + 02:26:38 sslclient-win-1.1.4.176.pkg7-rw-2748 Oct 22 2010 06:09:42 + 06:30:26 sdmconfig-2811.cfg8-rw-35316 Apr 5 2011 + crashinfo_20110405-0609439-rw-42068 Apr 5 2011 + crashinfo_20110405-063027 128733184 bytes total (100229120 bytes free) www.2cto.com The following is the first step in the experiment: Use the ACL to define the speed limit CIDR block or ip address, and call access-list 102 permit ip 192.168.1.0 0.0.0.255 anyaccess- List 102 permit ip any 192.168.1.0 0.0.0.255 Step 2: define class-map, call ACLclass-map match-all 102 match access-group 102 Step 3: Define policy-map, call class-map to set the speed limit policy-map 102 class 102 police 256000 8000 conform-action transmit exceed-action drop Step 4: apply policy-map to interface FastEthernet0/1service-policy input 102service-policy output 102 * Apr 5 06:24:04. 023: % IP_VFR-4-FRAG_TABLE_OVERFLOW: FastEthernet0/1: The fragment table has reached its maximum threshold 16 yourname # sh policy-map int f0/1 FastEthernet0/1 Service-policy input: 102 Class-map: 102 (match-all) 2746 packets, 672324 bytes 5 minute offered rate 20000 bps, drop rate 0 bps Match: access-group 102 police: cir 256000 bps, bc 8000 bytes conformed 2746 packets, 672324 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop confo Rmed 90000 bps, exceed 0 bps Class-map: class-default (match-any) 13407 packets, 1753107 bytes 5 minute offered rate 49000 bps, drop rate 0 bps Match: any Service-policy output: 102 Class-map: 102 (match-all) 3506 packets, 2954143 bytes 5 minute offered rate 68000 bps, drop rate 44000 bps Match: access-group 102 police: cir 256000 bps, bc 8000 bytes conformed 2243 packets, 1195420 bytes; actions: Transmit exceeded 1263 packets, 1758723 bytes; actions: drop conformed 162000 bps, exceed 239000 bps Class-map: class-default (match-any) 15064 packets, 18750663 bytes 5 minute offered rate 430000 bps, drop rate 0 bps Match: any yourname # according to the above information, we can know that the traffic has been dropped, that is, part of the traffic that exceeds the limit, another unit is bit rather than Byte. The following is before thunder's experiment:

After the experiment:


The above is the first method for speed limiting. Next we will look at another simple method.
First, define the ACL: access-list 102 permit ip 192.168.1.0 0.0.255 anyaccess-list 102 permit ip any 192.168.1.0 0.0.255 and then enable rate-limit directly under the interface: interface FastEthernet0/1rate-limit input access-group 102 256000 1500 2000 conform-action transmit exceed-action droprate-limit output access-group 102 256000 1500 2000 conform-action transmit exceed-action drop yes, the speed limit is equivalent to the first method.

The above two methods are configured to speed up the entire ip address segment. If we want to speed up each ip address in the ip address segment to 25.6KB/s, we need to use the following method: access-list 121 permit ip host 192.168.0.21 anyaccess-list 121 permit ip any host 192.168.0.21! Access-list 122 permit ip host 192.168.0.22 anyaccess-list 122 permit ip any host 192.168.0.22! Access-list 123 permit ip host 192.168.0.23 anyaccess-list 123 permit ip any host 192.168.0.23! Class-map match-all 121 match access-group 121! Class-map match-all 122 match access-group 122! Policy-map xiansu class 121 police 2560000 8000 conform-action transmit exceed-action drop class 122 police 2560000 8000 conform-action transmit exceed-action drop! Interface FastEthernet0/1 service-policy input xiansu service-policy output xiansu above is for 192.168.0.21, 192.168.0.21 speed limit 256KB/s. If you want to limit the ip address of the entire segment, write it slowly.