object-group network ip-google
 8.8.4.0 255.255.255.0
 8.8.8.0 255.255.255.0
 8.34.208.0 255.255.240.0
 8.35.192.0 255.255.240.0
 23.236.48.0 255.255.240.0
 23.251.128.0 255.255.224.0
 35.184.0.0 255.248.0.0
 35.192.0.0 255.248.0.0
 35.200.0.0 255.252.0.0
 35.204.0.0 255.254.0.0
 35.224.0.0 255.240.0.0
 35.240.0.0 255.248.0.0
 64.9.224.0 255.255.254.0
 64.9.228.0 255.255.254.0
 64.15.112.0 255.255.240.0
 64.233.160.0 255.255.224.0
.
ip access-list extended ACL-ANAS
 Deny ip object-group ip-google 91.192.4.12 0.0.0.3
class-map match-all CLASS-ANAS
 match access-group name ACL-ANAS
!
policy-map MT-LIMTED
 class CLASS-ANAS
  police 2000000
FiberISP-Cisco(config-if)#interface ten 0/0/0
FiberISP-Cisco(config-if)#service instance 2528 ethernet
FiberISP-Cisco(config-if-srv)#service-policy input MT-LIMTED
**QoS: Configuration failed. deny is not supported
QoS: Configuration failed. deny is not supported
QoS: Configuration errors for policymap MT-LIMTED**
QoS: Configuration failed. deny is not supported
Network Engineering
qos
acl
service-policy
2022-02-06 04:28:19
1 answer
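I found a successful way to police traffic for specified IPs on CISCO ASR 903 IOS XE 3.18S.
For example, I have some service on IP 74.0.0.0/8 (such as Google).
1- Subnet the full range from 1.0.0.0/8 to 255.0.0.0/8 and carve out the IP(s) you want.
2- Now you have two ranges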
1.0.0.0/8
2.0.0.0/7
4.0.0.0/6
8.0.0.0/5
16.0.0.0/4
32.0.0.0/3
64.0.0.0/5
72.0.0.0/8
74.0.0.0/8 (this we need to policy )
75.0.0.0/8
75.0.0.0/8
76.0.0.0/6
80.0.0.0/4
96.0.0.0/3
128.0.0.0/1
3- Create the object groups
#object-group network object_ip_select
 74.0.0.0/8
#object-group network object_ip_other
 1.0.0.0/8
 2.0.0.0/7
 4.0.0.0/6
 8.0.0.0/5
 16.0.0.0/4
 32.0.0.0/3
 64.0.0.0/5
 72.0.0.0/8
 75.0.0.0/8
 75.0.0.0/8
 76.0.0.0/6
 80.0.0.0/4
 96.0.0.0/3
 128.0.0.0/1
4- Create access lists for the customer and select the customer IP as the dst-address
#ip access-list extended ACL-CUST1-IP-SELECT
#permit ip object-group object_ip_select <CUSTNETWORK> <WILDCARD>
#ip access-list extended ACL-CUST1-IP-OTHER
#permit ip object-group object_ip_other <CUSTNETWORK> <WILDCARD>
5- Create two policy maps for ip-select and the other IPs
#class-map match-all CLASS-CUST1-IP-SELECT
#match access-group name ACL-CUST1-IP-SELECT
#class-map match-all CLASS-CUST1-IP-OTHER
#match access-group name ACL-CUST1-IP-OTHER
6- Create a policy map for our CLASS-MAPs
policy-map TRAFFIC-LIMTED
 class CLASS-CUST1-IP-SELECT
  police cir 40M
 class CLASS-CUST1-IP-OTHER
  police cir 90M
7- Apply this policy map to the incoming interface or instance (VLAN)
interface Port-channel2
 service instance 2000 ethernet
  service-policy input TRAFFIC-LIMTED
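8- Now it is done: traffic for cust 1 is 40M for 74.0.0.0/8 and 90M for the others. If you have more customers, just create another IP access list with ACL and CLASS, then add the new class to the policy map TRAFFIC-LIMTED.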
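
Added example, not part of the original answer: a Python script that computes the "other" group as the exact complement of the selected prefix(es) instead of subnetting by hand, checks that the two groups cover the address space with no gap or overlap, and renders them in the mask notation used in the question. The universe 0.0.0.0/0 and the helper function names are assumptions of this example; the object-group names are the ones from the answer.

```python
import ipaddress

def complement(selected, universe="0.0.0.0/0"):
    """Prefixes covering `universe` minus every prefix in `selected`."""
    remaining = [ipaddress.ip_network(universe)]
    for sel in map(ipaddress.ip_network, selected):
        nxt = []
        for net in remaining:
            if sel.subnet_of(net):
                # Split the covering block around the selected prefix.
                nxt.extend(net.address_exclude(sel))
            elif net.subnet_of(sel):
                continue  # block lies entirely inside the selection: drop it
            else:
                nxt.append(net)
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))

def is_exact_partition(selected, others, universe="0.0.0.0/0"):
    """True when selected + others cover the universe with no gap or overlap."""
    nets = [ipaddress.ip_network(s) for s in selected] + list(others)
    merged = list(ipaddress.collapse_addresses(nets))
    whole = ipaddress.ip_network(universe)
    # Merging back to one block proves there is no gap; equal address
    # counts prove that no prefix is listed twice or overlaps another.
    return merged == [whole] and sum(n.num_addresses for n in nets) == whole.num_addresses

def object_group(name, nets):
    """Render an IOS object-group in 'network mask' form."""
    lines = [f"object-group network {name}"]
    lines += [f" {n.network_address} {n.netmask}" for n in nets]
    return "\n".join(lines)

if __name__ == "__main__":
    select = ["74.0.0.0/8"]  # prefix from the answer
    others = complement(select)
    assert is_exact_partition(select, others)
    print(object_group("object_ip_select", [ipaddress.ip_network(s) for s in select]))
    print(object_group("object_ip_other", others))
```

Because both ACLs only use permit, the class that should match "everything else" depends on this complement being complete; running the partition check before pasting the groups catches a missing or duplicated prefix.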