Cisco: Shaping
Simpel
class-map match-any dst_network match access-group name dst_network policy-map Traffic-IN class class-default shape average 20480000 policy-map Traffic-OUT class dst_network shape average 20480000 interface Vlan100 ip address 10.0.100.1 255.255.255.0 service-policy output Traffic-IN interface GigabitEthernet0/0 ip address 10.0.0.1 255.255.255.252 service-policy output Traffic-OUT ip access-list extended dst_network permit ip 10.0.100.0 0.0.0.255 any
Uitgebreider
Doel: Per datastroom een shaping policy toepassen zodat per tunnel 1 mbit beschikbaar is. In dit voorbeeld zijn de datastromen IPSEC tunnels aan de fa0/0 kant en normaal verkeer aan de fa0/1 kant
class-map match-all peer1 match access-group name peer1 class-map match-all peer2 match access-group name peer2 class-map match-all inv_crypto_peer1 match access-group name inv_crypto_dom_peer1 class-map match-all inc_crypto_peer2 match access-group name inv_crypto_dom_peer2 policy-map Shaping_Out_If class peer1 shape average 1000000 class peer2 shape average 1000000 policy-map Shaping_In_If class inv_crypto_peer1 shape average 1000000 class inv_crypto_peer2 shape average 1000000 interface FastEthernet 0/0 description outgoing interface service-policy output Shaping_Out_If interface FastEthernet 0/1 description incoming interface service-policy output Shaping_In_If ip access-list extended peer1 permit ip any host 192.168.0.1 ip access-list extended peer2 permit ip any host 192.168.0.1 ip access-list extended inv_crypto_peer1 permit esp 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255 ip access-list extended inv_crypto_peer2 permit esp 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255