QoS Lab Manual (Final Edition), content summary:

Lab: Creating a PDLM with NBAR

    ip nbar custom feng01 tcp 1524 27665
    ip nbar custom feng02 udp 31335 27444

The two custom protocols defined above make up a DDoS attack signature. The class map below uses match-any because a class map defaults to match-all, and no single packet can match both custom protocols.

    r2(config)#class-map match-any DDOS
    r2(config-cmap)#match protocol feng01
    r2(config-cmap)#match protocol feng02
    r2(config)#policy-map DDOSDENY
    r2(config-pmap)#class DDOS
    r2(config-pmap-c)#drop
    r2(config-pmap)#int s1/0
    r2(config-if)#service-policy in DDOSDENY

Lab: Filtering with a downloaded PDLM

    R1(config)#ip nbar pdlm        // is the address of the TFTP server

Requirement: block BT downloads. Download a BT PDLM from the Cisco website and copy it to your router's flash.
* You can download other PDLMs yourselves afterwards.

Lab 2: Classification with PBR

1. Requirement: the customer wants VoIP traffic to have precedence 5, HTTP traffic precedence 4, telnet traffic precedence 3, FTP traffic precedence 2, and all other traffic precedence 1.
2. Build the scenario above and configure traffic generation.
3. Use access control lists to capture this traffic.

    r2#sh access-list
    Extended IP access list 101
        10 permit ip host host                 (captures the VoIP traffic)
    Extended IP access list 102
        10 permit tcp any any eq               (captures the traffic)
    Extended IP access list 103
        10 permit tcp any any eq telnet        (captures the telnet traffic)
    Extended IP access list 104
        10 permit tcp any any eq ftp-data      (captures the FTP traffic)
        20 permit tcp any any eq ftp

   Use PBR to set the precedence:

    r2#sh route-map fxh                        (the route map is named fxh)
    route-map fxh, permit, sequence 10         (first policy entry, sequence number 10)
      Match clauses:
        ip address (access-lists): 101         (the ACL matched is 101)
      Set clauses:
        ip precedence critical                 (sets the precedence to 5)
      Policy routing matches: 0 packets, 0 bytes    (0 means the policy has not taken effect)
    route-map fxh, permit, sequence 20
      Match clauses:
        ip address (access-lists): 102
      Set clauses:
        ip precedence flash-override
      Policy routing matches: 0 packets, 0 bytes
    route-map fxh, permit, sequence 30
      Match clauses:
        ip address (access-lists): 103
      Set clauses:
        ip precedence flash
      Policy routing matches: 0 packets, 0 bytes
    route-map fxh, permit, sequence 40
      Match clauses:
        ip address (access-lists): 104
      Set clauses:
        ip precedence immediate
      Policy routing matches: 0 packets, 0 bytes
    route-map fxh, permit, sequence 50
      Match clauses:
      Set clauses:
        ip precedence priority
      Policy routing matches: 0 packets, 0 bytes

4. Apply the route map to the interface.

    r2(config)#int s1/0
    r2(config-if)#ip policy route-map fxh

5. Test the result of the configuration.

    r2#sh route-map
    route-map fxh, permit, sequence 10
      Match clauses:
        ip address (access-lists): 101
      Set clauses:
        ip precedence critical
      Policy routing matches: 0 packets, 0 bytes
    route-map fxh, permit, sequence 20
      Match clauses:
        ip address (access-lists): 102
      Set clauses:
        ip precedence flash-override
      Policy routing matches: 10 packets, 505 bytes
    route-map fxh, permit, sequence 30
      Match clauses:
        ip address (access-lists): 103
      Set clauses:
        ip precedence flash
      Policy routing matches: 4 packets, 180 bytes
    route-map fxh, permit, sequence 40
      Match clauses:
        ip address (access-lists): 104
      Set clauses:
        ip precedence immediate
      Policy routing matches: 2 packets, 96 bytes
    route-map fxh, permit, sequence 50
      Match clauses:
      Set clauses:
        ip precedence priority
      Policy routing matches: 8231 packets, 2033573 bytes

6. Commands for inspecting CEF fast forwarding:

    r1#sh adjacency detail        (shows the CEF adjacency information; the detail keyword is required)
    Protocol Interface                 Address
    IP       Serial1/0                 point2point(15)
                                       0 packets, 0 bytes
                                       0F000800
                                       CEF   expires: 00:02:01
                                             refresh: 00:00:01
                                       Epoch: 0

    r1#sh ip cef                  (shows the fast-forwarding table; note the trailing arguments)

Lab 3: A QPPB experiment

Steps:

1. Configure the link layer.

    r1#sh run
    Building configuration...

    Current configuration : 1419 bytes
    !
    version
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname r1
    !
    boot-start-marker
    boot-end-marker
    !
    enable password cisco
    !
    no aaa new-model
    memory-size iomem 5
    ip cef
    !
    no ip domain lookup
    !
    interface Loopback0
     ip address
    !
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial1/0
     ip address
     serial restart-delay 0
    !
    interface Serial1/1
     no ip address
     shutdown
     serial restart-delay 0
    !
    interface Serial1/2
     no ip address
     shutdown
     serial restart-delay 0
    !
    interface Serial1/3
     no ip address
     shutdown
     serial restart-delay 0
    !
    router ospf 100
     router-id
     log-adjacency-changes
     network area 0
    !
    router bgp 24
     no synchronization
     bgp router-id
     bgp log-neighbor-changes
     neighbor remote-as 12
     no auto-summary
    !
    ip http server
    no ip http secure-server
    !
    control-plane
    !
    alias exec a sh ip int brief
    alias exec b sh ip route
    alias exec c sh ip route rip
    alias exec d sh run
    !
    line con 0
     exec-timeout 0 0
     logging synchronous
    line aux 0
     exec-timeout 0 0
     logging synchronous
    line vty 0 4
     exec-timeout 0 0
     password cisco
     login
    !
    end

    r2#sh run
    Building configuration...

    Current configuration : 1465 bytes
    !
    version
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname r2
    !
    boot-start-marker
    boot-end-marker
    !
    enable password cisco
    !
    no aaa new-model
    memory-size iomem 5
    ip cef
    !
    no ip domain lookup
    !
    interface Loopback0
     ip address
    !
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex aut
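The check from step 5 of Lab 2, automated as an added example that is not part of the original manual: it parses show route-map output, compares each entry's precedence with the requirement in step 1, and lists the entries whose counters are still 0. The sample text is constructed from three of the entries and counters shown in step 5, written with the hyphens IOS prints; the names parse_route_map, audit and EXPECTED are chosen here.

```python
import re

# IOS precedence keywords -> values; EXPECTED = step 1 requirement per ACL (None = catch-all)
PRECEDENCE = {"routine": 0, "priority": 1, "immediate": 2, "flash": 3,
              "flash-override": 4, "critical": 5, "internet": 6, "network": 7}
EXPECTED = {101: 5, 102: 4, 103: 3, 104: 2, None: 1}

# Constructed sample: entries 10, 20 and 50 with the counters reported in step 5
SAMPLE = """\
route-map fxh, permit, sequence 10
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    ip precedence critical
  Policy routing matches: 0 packets, 0 bytes
route-map fxh, permit, sequence 20
  Match clauses:
    ip address (access-lists): 102
  Set clauses:
    ip precedence flash-override
  Policy routing matches: 10 packets, 505 bytes
route-map fxh, permit, sequence 50
  Match clauses:
  Set clauses:
    ip precedence priority
  Policy routing matches: 8231 packets, 2033573 bytes
"""

def parse_route_map(text):
    """Return one dict per route-map entry: seq, acl, precedence, packets."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"route-map \S+, \w+, sequence (\d+)", line):
            entries.append({"seq": int(m[1]), "acl": None, "precedence": None, "packets": 0})
        elif entries and (m := re.match(r"ip address \(access-lists\): (\d+)", line)):
            entries[-1]["acl"] = int(m[1])
        elif entries and (m := re.match(r"ip precedence (\S+)", line)):
            entries[-1]["precedence"] = PRECEDENCE.get(m[1])
        elif entries and (m := re.match(r"Policy routing matches: (\d+) packets", line)):
            entries[-1]["packets"] = int(m[1])
    return entries

def audit(entries, expected=EXPECTED):
    """Return (sequences marked differently from the requirement, sequences with 0 hits)."""
    wrong = [e["seq"] for e in entries if expected.get(e["acl"]) != e["precedence"]]
    return wrong, [e["seq"] for e in entries if e["packets"] == 0]

if __name__ == "__main__":
    print(audit(parse_route_map(SAMPLE)))
```

An entry that stays at 0 packets after test traffic has been sent, like sequence 10 here, points at its ACL or at the traffic generator rather than at the set clause.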