Cisco3550交换机上流量控制的实现

3550上接一PIX，VLAN 1中接有各种服务器（有公网映射IP），故各VLAN必须能访问服务器。

cr20g#show run

Building configuration...

Current configuration : 5488 bytes

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

service passWord-encryption

!

hostname cr20g

!

enable secret 5 $1$Xtuj$E.l2l.ev7mOCVtwPeEXz1.

enable password 7 08771A1D5A4152404B0805172924

!

username jary password 7 070C285F4D0648564E43595B5D7E797179

ip subnet-zero

ip routing

!

mls qos

!

class-map match-all part6

match Access-group 116

class-map match-all part5

match access-group 115

class-map match-all part4

match access-group 114

class-map match-all part3

match access-group 113

class-map match-all part2

match access-group 112

!

!

policy-map download

class part2

police 1000000 8000 exceed-action drop

class part3

police 1800000 8000 exceed-action drop

class part4

police 496000 8000 exceed-action drop

class part5

police 496000 8000 exceed-action drop

class part6

police 800000 8000 exceed-action drop

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

!

interface FastEthernet0/1

switchport mode access

!

interface FastEthernet0/2

switchport mode access

!

interface FastEthernet0/3

switchport mode access

!

interface FastEthernet0/4

switchport mode access

!

interface FastEthernet0/5

switchport mode access

!

interface FastEthernet0/6

switchport mode access

!

interface FastEthernet0/7

switchport mode access

!

interface FastEthernet0/8

switchport mode access

!

interface FastEthernet0/9

switchport mode access

!

interface FastEthernet0/10

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 2

switchport mode access

service-policy input download

!

interface FastEthernet0/12

switchport access vlan 2

switchport mode access

service-policy input download

!

interface FastEthernet0/13

switchport access vlan 2

switchport mode access

service-policy input download

!

interface FastEthernet0/14

switchport access vlan 3

switchport mode access

service-policy input download

!

interface FastEthernet0/15

switchport access vlan 4

switchport mode access

service-policy input download

!

interface FastEthernet0/16

switchport access vlan 5

switchport mode access

service-policy input download

!

interface FastEthernet0/17

switchport access vlan 6

switchport mode access

service-policy input download

!

interface FastEthernet0/18

switchport access vlan 6

switchport mode access

service-policy input download

!

interface FastEthernet0/19

switchport mode access

!

interface FastEthernet0/20

switchport mode access

!

interface FastEthernet0/21

switchport mode access

!

interface FastEthernet0/22

switchport mode access

!

interface FastEthernet0/23

switchport mode access

!

interface FastEthernet0/24

switchport mode access

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

ip address 192.168.0.254 255.255.255.0

!

interface Vlan2

ip address 192.168.2.1 255.255.255.0

!

interface Vlan3

ip address 192.168.3.1 255.255.255.0

!

interface Vlan4

ip address 192.168.4.1 255.255.255.0

!

interface Vlan5

ip address 192.168.5.1 255.255.255.0

!

interface Vlan6

ip address 192.168.6.1 255.255.255.0

!

ip default-gateway 192.168.0.1

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.0.1

ip http server

!

!

access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255

access-list 112 permit ip 192.168.2.0 0.0.0.255 any

access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255

access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 113 permit ip 192.168.3.0 0.0.0.255 any

access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255

access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 114 permit ip 192.168.4.0 0.0.0.255 any

access-list 115 deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255

access-list 115 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 115 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 115 deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 115 deny ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 115 permit ip 192.168.5.0 0.0.0.255 any

access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.0.0 0.0.0.255

access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 116 permit ip 192.168.6.0 0.0.0.255 any

!

line con 0

password 7 14141B180F0B7B787D7961627B47554352

logging synchronous

login

line vty 0 4

password 7 104D000A061843585555787C7D7C616073

login

line vty 5 15

password 7 104D000A061843585555787C7D7C616073

login

!

end

cr20g#