Common QoS Configuration Commands for OmniSwitch Switches

2013-07-01 xiaoyuer5555

ACL section:


aclman# time-range demo_abs_time
aclman# absolute start 12:30 1 january 2004 end 16:00 december 2004
aclman# time-range demo_per_time
aclman# periodic monday wednesday 10:00 to 16:00
aclman# access-list 100 permit any any time-range demo_abs_time

interface ethernet 1/1
ip access-group 10 in
ip access-group ext_demo out

aclman# write memory
aclman# import /flash/working/demo_acl.txt
aclman# ip access-list resequence demo_acl 10 5
aclman# configure replace
aclman# access-list 10 permit any log

ACLs configured in aclman are saved to the /flash/working/aclman.cfg file.

For example:
  aclman# show running-config
         access-list 1 deny 10.1.1.1
         access-list 1 permit any
         ip access-list extended allow_http
         permit tcp 10.0.0.0 255.0.0.0 host 10.2.2.2 eq www log
         ip access-list extended test_acl_extende
         permit host 1.1.1.1 host 1.2.2.2 eq 1
         permit udp any any
   interface ethernet 1/1
         ip access-group allow_http in
   end


FOR EXAMPLE:

1:   Deny one client from communicating with another client:
        policy condition denyip source ip 192.168.11.5 destination ip 192.168.1.4
        policy action denyip disposition deny
        policy rule denyip condition denyip action denyip
        qos apply

2:   Deny one client from communicating with all clients:
        3-> policy condition denyip source ip 192.168.11.5 destination ip any 
        3-> policy action denyip disposition deny
        3-> policy rule denyip condition denyip action denyip
        3-> qos apply

3: Delete a rule:
        3-> no policy rule denyip
        3-> qos apply

4:  Deny one network from accessing another network:
        ! QOS :
policy network group network100 192.168.100.0 mask 255.255.255.0
policy network group network3 3.3.3.0 mask 255.255.255.0
policy condition denyip source ip 192.168.100.100 destination ip 3.3.3.3
policy condition denynetwork source network group network100 destination network group network3
policy action denyip disposition deny
policy action denynetwork disposition deny
policy rule denyip condition denyip action denyip
policy rule denynetwork condition denynetwork action denynetwork
qos apply

5:  Deny one client from accessing a network:
    policy network group networkx 192.168.1.0 mask 255.255.255.0
    policy condition denyip source ip 192.168.2.1 destination network group networkx
    policy action denyip disposition deny
    policy rule denyip condition denyip action denyip
    qos apply


6:  Deny a network from accessing a client:
   
1-> policy network group vlan3 192.168.3.0 mask 255.255.255.0
1-> policy condition denyvlan3 source network group vlan3 destination ip 1.1.1.1
1-> policy action denyvlan1 disposition deny
1-> policy rule denyvlan3 condition denyvlan3 action denyvlan1
1-> qos apply

7:  Deny a MAC address from accessing any network:

  
6850-4# policy condition dd source mac 11:11:11:11:11:11 destination ip any
6850-4# policy action dd disposition deny
6850-4# policy rule dd condition dd action dd
6850-4# qos apply
6850-4#

8: arp x.x.x.x x:x:x:X:x:X

QoS section:

policy condition ip_traffic source ip 192.168.1.0 mask 255.255.255.0
policy action high priority 7
policy rule rule1 condition ip_traffic action high
qos apply

policy condition ip_traffic2 source ip 192.168.1.1
policy action flowshape maximum bandwidth 100k
policy rule rule2 condition ip_traffic2 action flowshape
qos apply

policy condition icmpcondition ip protocol 1
policy action icmpaction disposition deny
policy rule icmprule condition icmpcondition action icmpaction
qos apply

 

qos port 2/7 trusted
policy condition traffic destination port 2/7 802.1p 4
policy action setbit 802.1p 7
policy rule rules condition traffic action setbit
qos apply


qos port 2/7 default 802.1p 7

qos trust ports


qos port 2/6 trusted
qos apply


policy condition c1 destination ip 1.1.1.1 destination tcp port 23
policy action bw minimum bandwidth 100k maximum bandwidth 300k
policy rule telnet_rule condition c1 action bw reflexive
qos apply


policy rule telnet_rule precedence 1000 condition c1 action bw reflexive


show active policy rule


policy network group
policy service group
policy mac group
policy port group


policy service telnet1 protocol 6 destination ip port 23
policy service ftp1 destination tcp port 21
policy service group tel-file telnet1 ftp1

 

policy port group visitor_ports 2/1 3/1-24
policy condition ports source port group visitor_ports
policy action maxbw maximum bandwidth 100k
policy rule vistorportrule condition ports action maxbw

acl:

policy condition addr2 source ip 192.168.2.0 source ip port 23 ip protocol 6
policy action block disposition deny
policy rule filterl31 condition addr2 action block
qos apply

protocol 1: denied in both directions
ip to ip: deny a single IP
ip to network: deny
