我正试图在5505上进行交通pipe理。我可以像平时一样进行警务,但是一如既往地执行警务工作,它会上下起伏,不会达到最佳效果。
我得到关于ERROR: 'shape' can only be configured for class "class-default"的信息ERROR: 'shape' can only be configured for class "class-default" ,当试图创build我自己的class级地图,虽然我不能找出一种方法来绑定类默认地图向下港口。
以下是我尝试自己的class级和政策时所得到的结果:
ASA(config)# class-map test ASA(config-cmap)# match port tcp eq 80 ASA(config-cmap)# exit ASA(config)# policy-map test ASA(config-pmap)# ? MPF policy-map configuration commands class Policy criteria description Specify policy-map description exit Exit from MPF policy-map configuration mode help Help for MPF policy-map configuration commands no Negate or set default values of a command rename Rename this policy-map <cr> ASA(config-pmap)# class test ASA(config-pmap-c)# ? MPF policy-map class configuration commands: exit Exit from MPF class action configuration mode help Help for MPF policy-map class/match submode commands no Negate or set default values of a command police Rate limit traffic for this class priority Strict scheduling priority for this class quit Exit from MPF class action configuration mode service-policy Configure QoS Service Policy set Set connection values shape Traffic Shaping user-statistics configure user statistics for identity firewall <cr> csc Content Security and Control service module flow-export Configure filters for NetFlow events inspect Protocol inspection services ips Intrusion prevention services ASA(config-pmap-c)# shape ? mpf-policy-map-class mode commands/options: average configure token bucket: CIR (bps) [Bc (bits)], send out Bc only per interval ASA(config-pmap-c)# shape av ASA(config-pmap-c)# shape average ? mpf-policy-map-class mode commands/options: <64000-154400000> Target Bit Rate (bits per second), the value needs to be multiple of 8000 ASA(config-pmap-c)# shape average 64000 ERROR: 'shape' can only be configured for class "class-default" ASA(config-pmap-c)#
现在,closures类的默认类,这里是我可以做的:
ASA(config)# policy-map tester ASA(config-pmap)# ? MPF policy-map configuration commands class Policy criteria description Specify policy-map description exit Exit from MPF policy-map configuration mode help Help for MPF policy-map configuration commands no Negate or set default values of a command rename Rename this policy-map <cr> ASA(config-pmap)# class class-default ASA(config-pmap-c)# ? MPF policy-map class configuration commands: exit Exit from MPF class action configuration mode help Help for MPF policy-map class/match submode commands no Negate or set default values of a command police Rate limit traffic for this class priority Strict scheduling priority for this class quit Exit from MPF class action configuration mode service-policy Configure QoS Service Policy set Set connection values shape Traffic Shaping user-statistics configure user statistics for identity firewall <cr> csc Content Security and Control service module flow-export Configure filters for NetFlow events inspect Protocol inspection services ips Intrusion prevention services
正如你所看到的,我没有select限制港口等。
任何想法我可以如何实现这一目标?
为了完整性,这里是sh ver:
ASA(config-pmap-c)# sh ver Cisco Adaptive Security Appliance Software Version 8.4(2) Device Manager Version 6.4(5)206 Compiled on Wed 15-Jun-11 18:17 by builders System image file is "disk0:/asa842-k8.bin" Config file at boot was "startup-config" ASA up 2 hours 7 mins Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz Internal ATA Compact Flash, 128MB BIOS Flash M50FW016 @ 0xfff00000, 2048KB Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0) Boot microcode : CN1000-MC-BOOT-2.00 SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03 IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06 Number of accelerators: 1 0: Int: Internal-Data0/0 : address is e05f.b9ab.be21, irq 11 1: Ext: Ethernet0/0 : address is e05f.b9ab.be19, irq 255 2: Ext: Ethernet0/1 : address is e05f.b9ab.be1a, irq 255 3: Ext: Ethernet0/2 : address is e05f.b9ab.be1b, irq 255 4: Ext: Ethernet0/3 : address is e05f.b9ab.be1c, irq 255 <--- More --->
谢谢
简单的答案是,从当前版本(ASA 8.4.2)开始,不可能对特定stream量执行传统的QoS shape 。 ASA只能将给定接口上的所有stream量调整为指定的速率。
请参阅“ASA QoSconfiguration指南”中的以下相关部分作为完整参考。 你也可能会觉得这很有趣 。