Outils pour utilisateurs

Outils du site


Panneau latéral

Bienvenu,

Bonne lecture.

docs:cisco

Table des matières

Cisco

Routeur

Switch

     LAN -> FW -> gi0/#41SW-3560#gi0/51 -> -> -> -> SW-3550#gi0/8 -> FW -> NET
                                LAN PROD ->
                          
                          
----- SW-3550 -----
# Limitation dans le sens LAN -> NET
mls qos

ip access-list extended ACL_FR_ANY
	permit ip 77.72.90.120 0.0.0.7 any
ip access-list extended ACL_FR_PROD
	permit ip 77.72.90.120 0.0.0.7 77.72.90.64 0.0.0.63

class-map match-all CLASS_FR_SHAP_ANY
  match access-group name ACL_FR_ANY

class-map match-all CLASS_FR_SHAP_PROD
  match access-group name ACL_FR_PROD

policy-map POLICY_FR_SHAP
  class CLASS_FR_SHAP_PROD
    # 90Mb/s
    # police 94371840 100000 exceed-action drop
    # On laisse tout passer sans limite
  class CLASS_FR_SHAP_ANY
    # 20 Mb/s
    police 20971520 100000 exceed-action drop
    

interface GigabitEthernet0/8
  description L2L VBO->TH2->RIVOLI
  switchport access vlan 10
  service-policy input POLICY_FR_SHAP

----- SW-3560 -----
# Limitation dans le sens NET -> LAN
mls qos

ip access-list extended ACL_FR_ANY
	permit ip any 77.72.90.120 0.0.0.7
ip access-list extended ACL_FR_PROD
	permit ip 77.72.90.64 0.0.0.63 77.72.90.120 0.0.0.7

class-map match-all CLASS_FR_SHAP_ANY
  match access-group name ACL_FR_ANY

class-map match-all CLASS_FR_SHAP_PROD
  match access-group name ACL_FR_PROD

policy-map POLICY_FR_SHAP
  class CLASS_FR_SHAP_PROD
    # 90Mb/s
    police 94371840 100000 exceed-action drop
  class CLASS_FR_SHAP_ANY
    # 20 Mb/s
    police 20971520 100000 exceed-action drop

interface GigabitEthernet0/51
  description L2L VBO->TH2->RIVOLI
  switchport access vlan 900
  service-policy input POLICY_FR_SHAP

interface GigabitEthernet0/41
  description FW-FR VLAN 900 L2L
  switchport access vlan 900
  
interface GigabitEthernet0/42
  description FW-FR
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport trunk allowed vlan 1,10,20,30,90
docs/cisco.txt · Dernière modification: 2011/05/12 00:56 par yoann