Cisco: Shaping

From Frotmail Projects
Jump to navigation Jump to search

Simpel

class-map match-any dst_network
 match access-group name dst_network
 
policy-map Traffic-IN
 class class-default
  shape average 20480000

policy-map Traffic-OUT
 class dst_network
  shape average 20480000

interface Vlan100
 ip address 10.0.100.1 255.255.255.0
 service-policy output Traffic-IN
 
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.252
 service-policy output Traffic-OUT

ip access-list extended dst_network
 permit ip 10.0.100.0 0.0.0.255 any

Uitgebreider

Doel: Per datastroom een shaping policy toepassen zodat per tunnel 1 mbit beschikbaar is. In dit voorbeeld zijn de datastromen IPSEC tunnels aan de fa0/0 kant en normaal verkeer aan de fa0/1 kant

class-map match-all peer1
 match access-group name peer1

class-map match-all peer2
 match access-group name peer2

class-map match-all inv_crypto_peer1
 match access-group name inv_crypto_dom_peer1

class-map match-all inc_crypto_peer2
 match access-group name inv_crypto_dom_peer2

policy-map Shaping_Out_If
 class peer1
  shape average 1000000
 class peer2
  shape average 1000000


policy-map Shaping_In_If
 class inv_crypto_peer1
  shape average 1000000
 class inv_crypto_peer2
  shape average 1000000

interface FastEthernet 0/0
 description outgoing interface
 service-policy output Shaping_Out_If

interface FastEthernet 0/1
 description incoming interface
 service-policy output Shaping_In_If

ip access-list extended peer1
 permit ip any host 192.168.0.1

ip access-list extended peer2
 permit ip any host 192.168.0.1

ip access-list extended inv_crypto_peer1
 permit esp 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255

ip access-list extended inv_crypto_peer2
 permit esp 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255