To me the border is the place to filter.. to save you time here are the
pertinent portions of a config I just did (this is IOS 12.2 by the way), my
comments are prefaced with ##.. E-mail me with questions.
class-map match-any normal-priority
 match access-group name normalpriority
class-map match-any high-priority
 match access-group name highpriority
class-map match-any low-priority
 match access-group name lowpriority
### ok here we are just defining some "classes" of service, for instance the
class "normal-priority" is ANYthing that matches the access-list named
"normalpriority" which you will see below
!
policy-map shapetraffic
 class high-priority
  shape peak 1544000
  bandwidth percent 40
 class normal-priority
  shape peak 10000000
  bandwidth percent 40
 class low-priority
  shape peak 1544000
  bandwidth percent 20
### here is where we define the actual policy for this.. we create a policy
called "shapetraffic" and then we put the three classes from above into it
and assign each a bandwidth. Notice that I have defined a PEAK value of a
T1 to high-priority.. means IF the bandwidth is available this class is
allowed to use UP TO 1.544mbps. When that bandwidth is NOT available it is
GUARANTEED at LEAST 40% of the available bandwidth on whatever interface
this policy is assigned to. That means that if this one policy is assigned
to two T1s then it will have 2x(.40x1.544mbps) of bandwidth guaranteed to it
but never allowed more than 1.544mbps on ALL interfaces. You can also see
that I have defined a few numbers for the other two, normal (catch all
really) and low which only gets 20% when bandwidth is constrained.
!
interface Serial1/0
 description Serial To UUnet
 bandwidth 1536
 no ip address
 no ip redirects
 no ip proxy-arp
 encapsulation frame-relay IETF
 no ip mroute-cache
 service-policy input drop-inbound-http-hacks
 service-policy output shapetraffic
 frame-relay lmi-type ansi
### ok here is where we apply the policy just so you can see it in context I
am leaving a bunch of other stuff in there.. the thing to see is the
"service-policy output shapetraffic". Can be applied to ANY interface (not
subinterfaces with the way I have this set up) but only on OUTPUT.. so if you
want it both ways, you need to put it on the ethernet interface too.
!
### the following are the access lists for above. high priority includes
games, interactive sessions (such as telnet, SSH, Windows Remote Desktop,
etc.) Low includes the file sharing programs and smtp.
ip access-list extended highpriority
 permit tcp any any eq 22
 permit tcp any any eq telnet
 permit tcp any any eq 1494
 permit udp any any eq 1604
 permit udp any any eq 1701
 permit udp any any eq 1723
 permit tcp any any range 3230 3235
 permit udp any any range 3230 3235
 permit tcp any any eq 3389
 permit tcp any any eq 4000
 permit tcp any any eq 5631
 permit udp any any eq 5632
 permit tcp any any eq 6112
 permit udp any any eq 6112
 permit udp any any range 27000 29999
 deny ip any any
ip access-list extended lowpriority
 permit tcp any any eq nntp
 permit tcp any any eq smtp
 permit tcp any any eq 1214
 permit tcp any any eq 6346
 permit udp any any eq 6346
 permit tcp any any eq 6699
 deny ip any any
ip access-list extended normalpriority
 deny tcp any any eq nntp
 deny tcp any any eq smtp
 deny tcp any any eq 1214
 deny tcp any any eq 6346
 deny udp any any eq 6346
 deny tcp any any eq 6699
 permit ip any any
----- Original Message -----
From: "Bill Fisher" <fisher@akorn.net>
To: <karlnet@WISPNotes.com>
Sent: Tuesday, June 11, 2002 6:39 PM
Subject: RE: [Karlnet] Filtering GNUTela, Morpheus, Kazaa, etc
>
> > where do you want to filter them? At the AP? Router?
>
> So this is a good question! I know NOTHING about Cisco's OS. I'm going to
> change that this fall. :) I am using a 2610 as our border router right
> now. I didn't know I could prioritize traffic on the Cisco. So, anything
> you can say about that would be welcome (albeit off topic).
>
> Thanks
>
> Bill
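Added example, not part of the original e-mail or of IOS: a small Python model of how the posted policy sorts packets, walking the classes in policy-map order and taking the first ACL that permits the packet. It assumes a simplified matcher (protocol and destination port only, which is all the posted entries test) and uses an abridged copy of the ACLs; the function and variable names are hypothetical.

```python
# Added example: simplified first-match model of the posted policy (not IOS code).
NAMED = {"telnet": 23, "smtp": 25, "nntp": 119}
# ACL entries copied from the posted config, abridged to those exercised here.
ACLS = {
    "highpriority": ["permit tcp any any eq 22", "permit tcp any any eq telnet",
                     "permit tcp any any eq 3389",
                     "permit udp any any range 27000 29999", "deny ip any any"],
    "lowpriority": ["permit tcp any any eq smtp", "permit tcp any any eq 6346",
                    "permit udp any any eq 6346", "deny ip any any"],
    "normalpriority": ["deny tcp any any eq smtp", "deny tcp any any eq 6346",
                       "deny udp any any eq 6346", "permit ip any any"],
}
# Classes in the order they appear in policy-map shapetraffic.
POLICY = [("high-priority", "highpriority"),
          ("normal-priority", "normalpriority"),
          ("low-priority", "lowpriority")]


def parse(entry):
    """Turn one 'action proto any any [eq P | range A B]' entry into a tuple."""
    t = entry.split()
    lo, hi = 0, 65535                      # no port operator: any port
    if len(t) > 4 and t[4] == "eq":
        lo = hi = int(NAMED.get(t[5], t[5]))
    elif len(t) > 4 and t[4] == "range":
        lo, hi = int(t[5]), int(t[6])
    return t[0], t[1], lo, hi


def acl_permits(name, proto, dport):
    """First matching entry decides; the port operator tests the DESTINATION port."""
    for action, rproto, lo, hi in map(parse, ACLS[name]):
        if rproto in ("ip", proto) and lo <= dport <= hi:
            return action == "permit"
    return False                           # implicit deny at the end of every ACL


def classify(proto, sport, dport):
    """Return the first class whose ACL permits the packet (sport is never tested)."""
    for cls, acl in POLICY:
        if acl_permits(acl, proto, dport):
            return cls
    return "class-default"


if __name__ == "__main__":
    for pkt in [("tcp", 40000, 22), ("tcp", 22, 40000), ("tcp", 40000, 6346),
                ("tcp", 40000, 80), ("udp", 40000, 27015)]:
        print(pkt, "->", classify(*pkt))
```

The deny entries in normalpriority are what let port 6346 fall through the catch-all to low-priority. The second sample packet is the reply side of an SSH session (source port 22); because the entries test only the destination port, it lands in normal-priority.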