以下是相关配置:
环境:Dynamips、FlashFXP、IOS 12.4T
!
ftp-server enable
ftp-server topdir disk0:
!
........
!
class-map match-all shape
match access-group 100
!
!
policy-map shape
class shape
police cir 80000 bc 15000 be 30000
conform-action transmit
exceed-action drop
!
.....
access-list 100 permit tcp any host 192.168.1.200
access-list 100 deny tcp any any
R1#sh run int f0/0
Building configuration...
Current configuration : 166 bytes
!
interface FastEthernet0/0
ip address 192.168.1.221 255.255.255.0
duplex full
rmon native
rmon collection stats 1 owner config
service-policy output shape
end
R1#
R1#sh policy-map int f0/0
FastEthernet0/0
Service-policy output: shape
Class-map: shape (match-all)
7593 packets, 10691055 bytes
5 minute offered rate 36000 bps, drop rate 3000 bps
Match: access-group 100
police:
cir 80000 bps, bc 15000 bytes
conformed 2683 packets, 3636183 bytes; actions:
transmit
exceeded 232 packets, 349392 bytes; actions:
drop
conformed 34000 bps, exceed 3000 bps
Class-map: class-default (match-any)
3388 packets, 4241610 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R1#
由于police是采用即时丢包机制,所以流量图呈锯齿状。
police bps [burst-normal] [burst-max] conform-action action exceed-action action
[violate-action action]
CISCO建议 burst-normal=configured rate/8*1.5, burst-max=burst-normal*2,这样限速的效果基本跟configured rate 持平如下面的例子,在police命令中不使用这两个参数,而由系统自动生产,结果速度才4K左右,没有达到预期(8K)的目的
R1(config-pmap-c)#police 80000 con tr ex drop
R1(config-pmap-c-police)#
R1(config-pmap-c-police)#do sh policy-map int f0/0
FastEthernet0/0
Service-policy output: shape
Class-map: shape (match-all)
8779 packets, 12044939 bytes
5 minute offered rate 54000 bps, drop rate 10000 bps
Match: access-group 100