|
|
简介
CISCO3550交换机作为我们单位的核心网络交换机,已经稳定运行了多年,功能上也能满足我们的需求,但是其端口限速功能却不像其它的一些交换机那样容易实现,好在最近找到了实现的办法,配置完成后,配合iperf这款测速软件进行验证,结果证明这个方法是行之有效的,下面是具体实现步骤。
一、创建ACL
由于这是一台三层交换机,所以虽然是对端口进行限速,但是还要考虑这个端口上通过的网络地址,本例中,我们选择对CISCO3550交换机的第22口进行限速,该端口属于VLAN66,IP地址段为10.66/16,所以首先要创建一个ACL,如下所示:
3550#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550(config)#access-list 15 permit 10.66.0.0 0.0.255.255
二、创建class-map
3550#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550(config)#class-map dkxs
3550(config-cmap)#match access-group 15
这一步操作的主要目的就是创建了一个class-map,在这里面引用了我们事先创建好的ACL 15,方便我们以后对22端口进行操作。
三、创建policy-map
出于测试的需要,我们创建了多个policy-map,分别设置不同的限制带宽,如80k,1m,5m,10m,分别如下:
3550#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550(config)#policy-map 80k
3550(config-pmap)#class dkxs
3550(config-pmap-c)# police 80000 8000 exceed-action drop
3550#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550(config)#policy-map 1m
3550(config-pmap)#class dkxs
3550(config-pmap-c)# police 1000000 100000 exceed-action drop
3550#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550(config)#policy-map 5m
3550(config-pmap)#class dkxs
3550(config-pmap-c)# police 5000000 500000 exceed-action drop
3550#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550(config)#policy-map 10m
3550(config-pmap)#class dkxs
3550(config-pmap-c)# police 10000000 1000000 exceed-action drop
四、查看配置信息
3550#show run
policy-map 5m
class dkxs
police 5000000 500000 exceed-action drop
policy-map 1m
class dkxs
police 1000000 100000 exceed-action drop
policy-map 80k
class dkxs
police 80000 8000 exceed-action drop
policy-map 10m
class dkxs
police 10000000 1000000 exceed-action drop
五、通过iperf软件进行验证
即先在一台服务器上运行iperf的服务器端,命令如下:
F:\tools>iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
然后在交换机的22口上分别应用表示不同速率的policy-map,每应用一次,通过一台连接到22端口的笔记本电脑运行iperf的客户端,进行端口速率测试,结果分别如下:
(交换机设置)
3550(config-if)#service-policy input 80k
(IPERF客户端测试结果)
F:\tools>iperf -c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1147 connected with 10.66.66.8 port 5001
[ ID] Interval Transfer Bandwidth
[1912] 0.0-12.5 sec 104 KBytes 68.3 Kbits/sec
F:\tools>iperf -c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1151 connected with 10.66.66.8 port 5001
[ ID] Interval Transfer Bandwidth
[1912] 0.0-12.0 sec 104 KBytes 70.8 Kbits/sec
(交换机设置)
3550(config-if)#service-policy input 1m
(IPERF客户端测试结果)
F:\tools>iperf -c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1155 connected with 10.66.66.8 port 5001
[ ID] Interval Transfer Bandwidth
[1912] 0.0-10.5 sec 1.08 MBytes 860 Kbits/sec
F:\tools>iperf -c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1159 connected with 10.66.66.8 port 5001
[ ID] Interval Transfer Bandwidth
[1912] 0.0-10.0 sec 1.09 MBytes 910 Kbits/sec
(交换机设置)
3550(config-if)#service-policy input 5m
(IPERF客户端测试结果)
F:\tools>iperf -c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1163 connected with 10.66.66.8 port 5001
[ ID] Interval Transfer Bandwidth
[1912] 0.0-10.5 sec 5.84 MBytes 4.67 Mbits/sec
F:\tools>iperf -c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1167 connected with 10.66.66.8 port 5001
[ ID] Interval Transfer Bandwidth
[1912] 0.0-10.7 sec 5.98 MBytes 4.68 Mbits/sec
(交换机设置)
3550(config-if)#service-policy input 10m
(IPERF客户端测试结果)
F:\tools>iperf -c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1171 connected with 10.66.66.8 port 5001
[ ID] Interval Transfer Bandwidth
[1912] 0.0-10.1 sec 11.8 MBytes 9.83 Mbits/sec
F:\tools>iperf -c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1175 connected with 10.66.66.8 port 5001
[ ID] Interval Transfer Bandwidth
[1912] 0.0-10.2 sec 12.0 MBytes 9.87 Mbits/sec
为了使测试的结果更准确,每种速率下都进行了两次测试,从测试的结果看,端口限速确实生效了。
来源:比特网 |
|
IP卡
狗仔卡
发表于 2011-3-1 21:02:19
收藏
顶
踩
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
发表于 2011-3-28 09:49:10
发表于 2011-4-22 17:07:36
顶一下