Practical routing skills: how to set speed limits on a Cisco router

Source: Internet
Author: User

This article describes in detail how to set speed limits on commonly used Cisco routers and provides detailed operation steps. I hope this article will help you.

The so-called speed limit works by setting an ACL (Access Control List) on the router to block the ports used by a service, so as to prevent the normal operation of that service. For BT software, we can try to block its ports. In general, BT software uses ports 6880-6890. Use the following commands on the company's core Cisco router to block all of ports 6880-6890.

Speed limit:

access-list 130 remark bt

access-list 130 permit tcp any any range 6881 6890

access-list 130 permit tcp any range 6881 6890 any

! the rate-limit commands are entered in interface configuration mode

rate-limit input access-group 130 712000 8000 8000 conform-action transmit exceed-action drop

rate-limit output access-group 130 712000 8000 8000 conform-action transmit exceed-action drop
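As an added illustration (not part of the original article), the Python sketch below models the rate-limit line above as a single token bucket, to show what 712000 bit/s with an 8000-byte burst does to offered traffic. It assumes that equal normal and maximum burst values disable extended burst; the class and function names are hypothetical, and the traffic profiles are constructed.

```python
"""Token-bucket model of: rate-limit ... 712000 8000 8000 conform-action transmit exceed-action drop"""


class CarBucket:
    """Single token bucket; assumes normal burst == max burst (no extended burst)."""

    def __init__(self, rate_bps=712000, burst_bytes=8000):
        self.rate_bps = rate_bps            # committed rate in bits per second
        self.burst_bytes = burst_bytes      # bucket depth in bytes
        self.tokens = float(burst_bytes)    # bucket starts full
        self.last = 0.0                     # arrival time of the previous packet (seconds)

    def offer(self, now, size):
        """Return the action taken for a packet of `size` bytes arriving at `now`."""
        refill = (now - self.last) * self.rate_bps / 8   # bytes earned since last packet
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return "transmit"               # conform-action
        return "drop"                       # exceed-action


def delivered_bps(offered_bps, seconds=10.0, pkt_bytes=1000):
    """Offer evenly spaced packets at offered_bps; return the throughput that gets through."""
    bucket = CarBucket()
    count = int(seconds * offered_bps / (pkt_bytes * 8))
    interval = pkt_bytes * 8 / offered_bps
    sent = sum(bucket.offer(i * interval, pkt_bytes) == "transmit" for i in range(count))
    return sent * pkt_bytes * 8 / seconds


def back_to_back(n, pkt_bytes=1500):
    """Actions for n full-size packets arriving at the same instant (a TCP burst)."""
    bucket = CarBucket()
    return [bucket.offer(0.0, pkt_bytes) for _ in range(n)]


if __name__ == "__main__":
    # Constructed traffic profiles, not measurements.
    for offered in (500_000, 2_000_000):
        print(f"offered {offered} bit/s -> delivered {delivered_bps(offered):.0f} bit/s")
    print("6 x 1500-byte burst:", back_to_back(6))
```

The burst result shows that an 8000-byte bucket drops the sixth of six simultaneous 1500-byte packets even when the average rate is well under 712000 bit/s.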

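Download prohibited:

access-list 130 deny tcp any any range 6881 6890

access-list 130 deny tcp any range 6881 6890 any

! permit the rest, or the ACL's implicit deny drops all other traffic

access-list 130 permit ip any any

ip access-group 130 in

ip access-group 130 out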

However, current BT software automatically changes its port after it is blocked. Some software also uses ports such as 8000, 8080, and 2070, and restricting these ports makes the network behave abnormally. The second method is to use NBAR (Network-Based Application Recognition). NBAR is a dynamic technology that can search for protocols from Layer 4 to Layer 7. It can do what common ACLs do, that is, control network application protocols that use static, simple TCP/UDP port numbers, such as the TCP 80 used by well-known web applications. It can also control protocols that use dynamic ports, which ACLs generally cannot handle, such as H.323 and SIP used by VoIP.

To rate-limit BT traffic, the Cisco router must support PDLM. PDLM stands for Packet Description Language Module. It is a description of the protocol layer of high-level network applications, such as the protocol type and service port number. Its advantage is that it adapts NBAR to many existing network applications, such as HTTP URL, DNS, FTP, and VoIP. It can also be user-defined, which enables NBAR to support many emerging network applications, for example peer-to-peer tools.

PDLM can be downloaded from Cisco websites, and PDLM can be used to limit malicious traffic on some networks. Cisco provides three PDLM modules on its official website: KAZAA2.pdlm, bittorrent.pdlm, and eDonkey.pdlm, which can be used to block KAZAA, BT, and eDonkey. After obtaining the PDLM, use a TFTP server to copy bittorrent.pdlm to the router. Use the ip nbar pdlm bittorrent.pdlm command to start the BT function in NBAR. Then create a class-map and a policy-map and apply them to the corresponding Cisco router interface. Generally, the interface connecting to the Internet (Chinanet) is a FastEthernet or 10 M Ethernet interface. On the Cisco router, you can see the following configuration:

class-map match-all bittorrent

 match protocol bittorrent

!

!

policy-map bittorrent-policy

 class bittorrent

  drop

!

interface FastEthernet0/

 description neibujiekou

 ip address 192.168.0.1 255.255.255.0

 ip nat inside

 service-policy input bittorrent-policy

 service-policy output bittorrent-policy

!

In this way, you can apply some traffic control on the Cisco router to your company's or organization's Internet access. NBAR and PDLM can also be applied to the intranet wide area network of your company or organization to ensure reasonable use of WAN bandwidth.
