CiscoForums.it

Inviato: **mar 05 dic , 2006 6:22 pm**

Ciao a tutti, possiedo un router cisco soho77 con connessione tele2 a 640k per l'adsl di casa, la rete locale è configurata con ip statici. Mi piacerebbe sapere:

posso configurare il router in modo che limiti la banda assegnata a uno specifico indirizzo ip della rete? Nel senso, vorrei che uno specifico pc della rete non potesse usare più di metà della banda totale. E' possibile?

Inviato: **mer 06 dic , 2006 12:59 pm**

class-map QOS-LIM
match access-group 110

policy-map QoS-Policy
class QOS-LIM
bandwidth percent ***

int atm0.1
service-policy output QoS-Policy

access-list 110 remark *** ACL PER QOS RDP ***
access-list 110 permit ip host xxx 0.0.0.0 any

Inviato: **mer 06 dic , 2006 1:28 pm**

ciao,
riguardo l'argomento trattato sopra,potete darmi un link
che spieghi in dettaglio il funzionamento delle policy utilizzate??

grazie

aghibear

Inviato: **lun 16 apr , 2007 2:36 pm**

Wizard ha scritto:class-map QOS-LIM
match access-group 110

policy-map QoS-Policy
class QOS-LIM
bandwidth percent ***

int atm0.1
service-policy output QoS-Policy

access-list 110 remark *** ACL PER QOS RDP ***
access-list 110 permit ip host xxx 0.0.0.0 any

Scusate l'ignoranza...
io ho applicato le stesse regole, solo che nella access-list 110 ho inserito:
access-list 110 permit ip host xxx any

L'access-list non viene mai matchata...non capisco..

Ecco parte della conf (c'e' anche una vpn punto-punto che non ho inserito nella conf):

aaa session-id common
clock timezone SOLARE 1
clock summer-time LEGALE recurring last Sat Mar 2:00 last Sat Oct 3:00
no ip dhcp use vrf connected

ip dhcp update dns both
ip cef
ip name-server 85.37.17.47
ip name-server 151.99.125.3
ip inspect name LOW icmp
ip inspect name LOW tcp
ip inspect name LOW udp
ip ssh time-out 15
ip ssh version 2
interval maximum 1 0 0 0
!
!
multilink bundle-name authenticated
!
!
username xx privilege 15 password 7 xx
!
class-map match-all QOS-LIM
match access-group 110
!
!
policy-map QoS-Policy
class QOS-LIM
bandwidth percent 10
!
!

interface Ethernet0
ip address 192.168.xx.xx 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!

!
interface ATM0
no ip address
load-interval 30
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
interface FastEthernet4
description >>> DMZ e VOIP
duplex auto
speed auto
!
interface Dialer0

ip address negotiated
ip access-group 101 in
ip nat outside
ip inspect LOW out
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
ppp chap hostname xx
ppp chap password 7 xx
ppp pap sent-username xx password 7 xx
crypto map VPN
service-policy output QoS-Policy
!
ip local pool VPN-CLIENT-POOL 172.18.10.10 172.18.10.50
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 1200
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 4096
ip nat inside source list 140 interface Dialer0 overload

ip nat inside source static tcp 192.168.xx.xx 7954 interface Dialer0 7954
ip nat inside source static udp 192.168.xx.xx 23580 interface Dialer0 23580!

access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any

access-list 101 permit udp host 62.152.126.5 eq ntp any eq ntp
access-list 101 permit udp host 198.41.0.4 eq domain any
access-list 101 permit udp host 85.37.17.47 eq domain any
access-list 101 permit udp host 151.99.125.3 eq domain any
access-list 101 permit tcp host 63.208.196.94 eq www any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 permit tcp any any eq 7954
access-list 101 permit udp any any eq 23580
access-list 101 permit gre any any
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit esp any any
access-list 101 permit udp any eq isakmp any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 110 permit ip host 192.168.xx.xx any
access-list 140 permit ip 192.168.xx.xx 0.0.0.255 any

Inviato: **lun 07 mag , 2007 5:40 pm**

E' normale non essendo applicata a nessuna interfaccia.

Inviato: **lun 07 mag , 2007 8:18 pm**

[Dj][DMX] ha scritto:E' normale non essendo applicata a nessuna interfaccia.

Come a nessuna interfaccia..
nella dialer 0 c'e' : service-policy output QoS-Policy

Non è questa?

Inviato: **lun 07 mag , 2007 10:59 pm**

Nel senso che non è applicata come ACL a nessuna interfaccia (e0, atm, serial, ecc. ecc.). E' normale che non abbia match

Inviato: **mar 08 mag , 2007 9:59 am**

Prova a fare uno "sh policy map int dialer0"

Inviato: **mer 09 mag , 2007 8:38 pm**

Wizard ha scritto:Prova a fare uno "sh policy map int dialer0"

Ecco il risultato:

Router_Casa#sh policy-map int dia 0
Dialer0

Service-policy output: BANDA

Class-map: MARIO (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: access-group 110
Queueing
Output Queue: Conversation 25
Bandwidth 8 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
910 packets, 324770 bytes
30 second offered rate 67000 bps, drop rate 0 bps
Match: any

Inviato: **gio 10 mag , 2007 8:52 am**

Prova a farla non
class-map match-all QOS-LIM
ma
class-map match-any QOS-LIM

Inviato: **gio 10 mag , 2007 10:10 am**

Wizard ha scritto:Prova a farla non
class-map match-all QOS-LIM
ma
class-map match-any QOS-LIM

Percaso devo anche nattare l'acl 110 sulla dialer0?

Inviato: **gio 10 mag , 2007 10:21 am**

Nattare...?
No, nessun nat e nessuna applicazione della acl per il qos su interfaccie

Inviato: **gio 10 mag , 2007 10:30 am**

Wizard ha scritto:Nattare...?
No, nessun nat e nessuna applicazione della acl per il qos su interfaccie

Allora:

access-list 110 permit ip host 192.168.20.11 any

class-map match-any QOS
match access-group 110
!
!
policy-map BANDA
class QOS
bandwidth 8

interface Dialer0
ip address negotiated
ip access-group 101 in
ip nat outside
ip inspect LOW out
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
ppp chap hostname xxx
ppp chap password 7 xxx
ppp pap sent-username xxx password xxx
crypto map VPN
service-policy output BANDA

risultato:
#sh policy-map int dia 0
Dialer0

Service-policy output: BANDA

Class-map: QOS (match-any)
27 packets, 4917 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: access-group 110
27 packets, 4917 bytes
30 second rate 0 bps
Queueing
Output Queue: Conversation 25
Bandwidth 8 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
1619 packets, 517480 bytes
30 second offered rate 66000 bps, drop rate 0 bps
Match: any

Ora vedro' come si comporta...

CiscoForums.it

Posso limitare la banda ad un pc dal router? (cisco soho77)

Posso limitare la banda ad un pc dal router? (cisco soho77)