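Description:
A subsidiary connects to the Internet over a 2M leased line. The internal subnets are 192.168.23.0/24 (ordinary staff) and 192.168.24.0/24 (the VLAN of the general manager's office); the router's IP address is 192.168.23.1 and the internal Cisco 3560 switch's IP is 192.168.23.254. Traffic control is now required so that the general manager's office traffic gets higher priority, and some voice, video and network-management traffic is transmitted first. Other services such as smtp, pop3 and ftp are low priority, and BT downloads and the like are prohibited.
The configuration is as follows: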
Current configuration : 3590 bytes
!
!
version 12.3
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname xxxxxx
!
enable secret 5 $44adf#dfdfj090$on
!
clock timezone China 8
ip subnet-zero
no ip source-route
ip cef
!
!
ip name-server 192.168.23.2
ip name-server x.x.x.x
!
no ip bootp server
!
ip nbar pdlm flash:bittorrent.pdlm
class-map match-any premium_class
 description For premium
 match protocol http
 match protocol icmp
 match protocol netshow
 match protocol pcanywhere
 match protocol realaudio
 match protocol secure-http
 match access-group 111
Note: parts of the above have been omitted, heh heh!
class-map match-any normal_calss
 description For normal
 match protocol ftp
 match protocol imap
 match protocol pop3
 match protocol smtp
 match access-group 110
class-map match-any bt_download
 description For drop
 match protocol bittorrent
!
!
policy-map qos_policy_map
 class premium_class
  bandwidth percent 50
  random-detect
  random-detect exponential-weighting-constant 4
  police cir 2000000 bc 10000 be 10000
   conform-action transmit
   exceed-action transmit
 class normal_calss
  bandwidth percent 25
  random-detect
  random-detect exponential-weighting-constant 4
  police cir 2000000 bc 2000 be 2000
   conform-action transmit
   exceed-action drop
 class bt_download
  drop
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.23.1 255.255.255.0
 ip verify unicast reverse-path
 ip nat inside
 ip route-cache same-interface
 ip route-cache policy
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0
 bandwidth 2048
 ip address 210.88.44.x 255.255.255.252
 ip verify unicast reverse-path
 no ip proxy-arp
 ip nat outside
 rate-limit input 2000000 20000 20000 conform-action transmit exceed-action drop
 ip route-cache policy
 service-policy output qos_policy_map
 no cdp enable
!
ip nat inside source list 10 interface Serial0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 210.88.44.y
ip route 192.168.24.0 255.255.255.0 192.168.23.254
no ip http server
!
!
access-list 10 remark NAT
access-list 10 permit 192.168.23.0 0.0.0.255
access-list 10 permit 192.168.24.0 0.0.0.255
access-list 110 remark normal
access-list 110 permit ip 192.168.23.0 0.0.0.255 any
access-list 111 remark premium
access-list 111 permit ip 192.168.24.0 0.0.0.255 any
no cdp run
!
banner motd ^cml system router !!!^C
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password 7 121A0C0411045D5D7C
 login
!
!
!
end
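Note: the Internet bandwidth is 2M, so in WRED the exponential weighting constant is 4, the minimum threshold is 5, the maximum threshold is 17, and the mark probability denominator is 1.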
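
Added example, not part of the original configuration: a small Python model of how qos_policy_map picks a class. IOS assigns a packet to the first class in the policy-map that it matches, and a match-any class-map matches as soon as one of its lines does. The page does not state which source address the classifier sees on the NAT outside interface, so that address is an input here. 203.0.113.10 is a constructed stand-in for the masked Serial0/0 address, and classify() is a hypothetical helper name.

```python
import ipaddress

# Class-maps as shown on the page (match-any: one matching line is enough).
# premium_class is abridged on the page, so only the listed matches are modelled.
CLASS_MAPS = {
    "premium_class": {"protocols": {"http", "icmp", "netshow", "pcanywhere",
                                    "realaudio", "secure-http"}, "acl": 111},
    "normal_calss": {"protocols": {"ftp", "imap", "pop3", "smtp"}, "acl": 110},
    "bt_download": {"protocols": {"bittorrent"}, "acl": None},
}
# Source networks permitted by each ACL (the destination is "any" in both).
ACLS = {110: ipaddress.ip_network("192.168.23.0/24"),
        111: ipaddress.ip_network("192.168.24.0/24")}
# Order of the class statements inside policy-map qos_policy_map.
POLICY_ORDER = ["premium_class", "normal_calss", "bt_download"]


def classify(src_seen, protocol, order=POLICY_ORDER):
    """Return the first class in `order` that the packet matches.

    src_seen is the source address the classifier evaluates (assumption:
    the caller decides whether that is the inside or the translated address).
    """
    src = ipaddress.ip_address(src_seen)
    for name in order:
        cm = CLASS_MAPS[name]
        acl_hit = cm["acl"] is not None and src in ACLS[cm["acl"]]
        if protocol in cm["protocols"] or acl_hit:
            return name
    return "class-default"


if __name__ == "__main__":
    NAT_ADDR = "203.0.113.10"  # constructed stand-in for the Serial0/0 address
    flows = [("192.168.24.10", "bittorrent"),  # inside address visible
             ("192.168.23.10", "bittorrent"),
             (NAT_ADDR, "bittorrent"),         # translated address visible
             (NAT_ADDR, "http"),
             (NAT_ADDR, "ssh")]
    for src, proto in flows:
        print(f"{src:15} {proto:11} -> {classify(src, proto)}")
    # Same BitTorrent flow with the drop class listed first in the policy-map.
    reordered = ["bt_download", "premium_class", "normal_calss"]
    print("reordered:", classify("192.168.23.10", "bittorrent", reordered))
```

Comparing these results with the per-class packet counters from show policy-map interface Serial0/0 shows which case applies on the router and whether bt_download is ever reached.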