Cisco-Asa
思科 ASA 整形
我正在嘗試在我的 5505 上調整形狀。我可以進行通常的監管,但與監管一樣,它會上下波動,不會產生最佳結果。
在嘗試創建自己的類映射時,我收到有關 的消息
ERROR: 'shape' can only be configured for class "class-default",但我無法找到一種方法來通過埠綁定類預設映射。這是我在嘗試自己的課程和政策時得到的:
ASA(config)# class-map test ASA(config-cmap)# match port tcp eq 80 ASA(config-cmap)# exit ASA(config)# policy-map test ASA(config-pmap)# ? MPF policy-map configuration commands class Policy criteria description Specify policy-map description exit Exit from MPF policy-map configuration mode help Help for MPF policy-map configuration commands no Negate or set default values of a command rename Rename this policy-map <cr> ASA(config-pmap)# class test ASA(config-pmap-c)# ? MPF policy-map class configuration commands: exit Exit from MPF class action configuration mode help Help for MPF policy-map class/match submode commands no Negate or set default values of a command police Rate limit traffic for this class priority Strict scheduling priority for this class quit Exit from MPF class action configuration mode service-policy Configure QoS Service Policy set Set connection values shape Traffic Shaping user-statistics configure user statistics for identity firewall <cr> csc Content Security and Control service module flow-export Configure filters for NetFlow events inspect Protocol inspection services ips Intrusion prevention services ASA(config-pmap-c)# shape ? mpf-policy-map-class mode commands/options: average configure token bucket: CIR (bps) [Bc (bits)], send out Bc only per interval ASA(config-pmap-c)# shape av ASA(config-pmap-c)# shape average ? mpf-policy-map-class mode commands/options: <64000-154400000> Target Bit Rate (bits per second), the value needs to be multiple of 8000 ASA(config-pmap-c)# shape average 64000 ERROR: 'shape' can only be configured for class "class-default" ASA(config-pmap-c)#現在,離開類預設類,這是我可以做的:
ASA(config)# policy-map tester ASA(config-pmap)# ? MPF policy-map configuration commands class Policy criteria description Specify policy-map description exit Exit from MPF policy-map configuration mode help Help for MPF policy-map configuration commands no Negate or set default values of a command rename Rename this policy-map <cr> ASA(config-pmap)# class class-default ASA(config-pmap-c)# ? MPF policy-map class configuration commands: exit Exit from MPF class action configuration mode help Help for MPF policy-map class/match submode commands no Negate or set default values of a command police Rate limit traffic for this class priority Strict scheduling priority for this class quit Exit from MPF class action configuration mode service-policy Configure QoS Service Policy set Set connection values shape Traffic Shaping user-statistics configure user statistics for identity firewall <cr> csc Content Security and Control service module flow-export Configure filters for NetFlow events inspect Protocol inspection services ips Intrusion prevention services如您所見,我沒有選擇通過埠等限制。
有什麼想法可以實現這一目標嗎?
為了完整起見,這裡是 sh 版本:
ASA(config-pmap-c)# sh ver Cisco Adaptive Security Appliance Software Version 8.4(2) Device Manager Version 6.4(5)206 Compiled on Wed 15-Jun-11 18:17 by builders System image file is "disk0:/asa842-k8.bin" Config file at boot was "startup-config" ASA up 2 hours 7 mins Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz Internal ATA Compact Flash, 128MB BIOS Flash M50FW016 @ 0xfff00000, 2048KB Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0) Boot microcode : CN1000-MC-BOOT-2.00 SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03 IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06 Number of accelerators: 1 0: Int: Internal-Data0/0 : address is e05f.b9ab.be21, irq 11 1: Ext: Ethernet0/0 : address is e05f.b9ab.be19, irq 255 2: Ext: Ethernet0/1 : address is e05f.b9ab.be1a, irq 255 3: Ext: Ethernet0/2 : address is e05f.b9ab.be1b, irq 255 4: Ext: Ethernet0/3 : address is e05f.b9ab.be1c, irq 255 <--- More --->謝謝
簡短的回答是,從目前版本 (ASA 8.4.2) 開始,無法
shape對特定流量執行傳統 QoS。ASA 只能將給定介面上的shape所有流量以指定速率。