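An internet behavior management appliance is very powerful, and rate limiting is only its most basic feature. Most importantly, it can audit users' online behavior and even monitor employees' chat records, and it can conveniently store them on its built-in hard disk or on another server on the network.
Today's topic, however, is not the internet behavior management appliance. Rate limiting Internet users does not need one at all, just as you would not use an ox cleaver to kill a chicken.
Today's task is to use an ACL on the switch to limit the Internet rate of the VLANs, and to limit it only during working hours. The simple topology is shown below:
In the figure above, AR1 is the router, and its LoopBack0 interface is used to simulate the Internet.
1. Configuration of the access switch LSW2: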
vlan batch 11 to 12
interface Ethernet0/0/1
port link-type access
port default vlan 11
interface Ethernet0/0/2
port link-type access
port default vlan 12
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan all
2. Configuration of the router AR1:
Configure sub-interfaces to terminate the VLANs
interface GigabitEthernet0/0/0.1
dot1q termination vid 11
ip address 192.168.11.2 255.255.255.0
arp broadcast enable
interface GigabitEthernet0/0/0.2
dot1q termination vid 12
ip address 192.168.12.2 255.255.255.0
arp broadcast enable
Configure the IP address of LoopBack0 to simulate the Internet
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
Configure OSPF
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 192.168.11.2 0.0.0.0
network 192.168.12.2 0.0.0.0
3. The key part of this article is the configuration of the core switch LSW1:
vlan batch 11 to 12
dhcp enable
interface Vlanif11
ip address 192.168.11.1 255.255.255.0
dhcp select global
interface Vlanif12
ip address 192.168.12.1 255.255.255.0
dhcp select global
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
ip pool vlan11
gateway-list 192.168.11.1
network 192.168.11.0 mask 255.255.255.0
excluded-ip-address 192.168.11.2 192.168.11.20
dns-list 114.114.114.114
ip pool vlan12
gateway-list 192.168.12.1
network 192.168.12.0 mask 255.255.255.0
excluded-ip-address 192.168.12.2 192.168.12.20
dns-list 114.114.114.114
Configure OSPF to interconnect with the router
ospf 1
area 0.0.0.0
network 192.168.11.1 0.0.0.0
network 192.168.12.1 0.0.0.0
Create the periodic time range work-time, covering 9:00 to 17:00 on working days
time-range work-time 09:00 to 17:00 working-day
Configure ACL 2001 to specify the working hours for the VLANs
acl number 2001
rule 5 permit source 192.168.0.0 0.0.255.255 time-range work-time
Configure the traffic classifier to match ACL 2001
traffic classifier c1
if-match acl 2001
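Configure the traffic behavior to limit the Internet rate to no more than 100 Mbps (the combined Internet rate of the two VLANs does not exceed 100 Mbps)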
traffic behavior b1
car cir 102400
statistic enable
#
Configure the traffic policy and apply it in the inbound direction of interface GE0/0/1
traffic policy p1
classifier c1 behavior b1
interface g 0/0/1
traffic-policy p1 inbound
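To check which traffic the policy above actually polices, the following added example (not part of the original article) evaluates rule 5 of ACL 2001 for a given source address and timestamp. The function names, the sample addresses and dates, and the treatment of 17:00 as an exclusive end are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, time

# Values copied from the LSW1 configuration above.
ACL_SOURCE = "192.168.0.0"
ACL_WILDCARD = "0.0.255.255"
WORK_START, WORK_END = time(9, 0), time(17, 0)


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """ACL wildcard mask: 0 bits must match the base, 1 bits are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def in_work_time(ts: datetime) -> bool:
    """working-day is Monday to Friday; window 09:00 to 17:00.
    Assumption: the end minute is treated as exclusive here."""
    return ts.weekday() < 5 and WORK_START <= ts.time() < WORK_END


def rule5_matches(src: str, ts: datetime) -> bool:
    """True when rule 5 matches, so classifier c1 hands the packet
    to behavior b1 and its CAR applies. Unmatched traffic is not policed."""
    return wildcard_match(src, ACL_SOURCE, ACL_WILDCARD) and in_work_time(ts)


if __name__ == "__main__":
    # Constructed sample cases (2024-05-15 is a Wednesday, 2024-05-18 a Saturday).
    cases = [
        ("192.168.11.50", datetime(2024, 5, 15, 10, 30)),  # VLAN 11, work hours
        ("192.168.12.77", datetime(2024, 5, 15, 18, 0)),   # VLAN 12, after hours
        ("192.168.11.50", datetime(2024, 5, 18, 10, 30)),  # VLAN 11, weekend
        ("192.168.99.5", datetime(2024, 5, 15, 10, 30)),   # not VLAN 11/12, still in the /16
        ("10.0.0.5", datetime(2024, 5, 15, 10, 30)),       # outside 192.168.0.0/16
    ]
    for src, ts in cases:
        state = "policed" if rule5_matches(src, ts) else "not policed"
        print(f"{src:15} {ts:%a %H:%M} -> {state}")
```

The fourth case shows that the wildcard 0.0.255.255 covers every 192.168.x.x source, not only the two configured VLAN subnets. The switch evaluates the time range against its own system clock, so the window is only as accurate as that clock.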