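Requirements:
Network video devices are deployed in both the R&D department and the management department. These devices have MAC addresses of the form 000f-e2xx-xxxx. The devices must be allowed to send data to the external network only between 8:30 and 18:00 each day.
Configuration
1. QoS policy method
Switch
Define the time ranges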
time-range working_time1 0:00 to 8:30 daily
time-range working_time2 18:00 to 24:00 daily
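Create layer-2 ACL 4000 and define two rules that deny all packets whose source MAC address prefix is 000f-e2 during the two time ranges (time1 and time2) respectively.
acl number 4000
rule 0 deny source-mac 000f-e200-0000 ffff-ff00-0000 time-range working_time1
rule 5 deny source-mac 000f-e200-0000 ffff-ff00-0000 time-range working_time2
Define traffic class video, matching ACL 4000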
traffic classifier video operator and
if-match acl 4000
Define traffic behavior video, which denies the matched traffic
traffic behavior video
filter deny
Define QoS policy video, associating the traffic class with the traffic behavior
qos policy video
classifier video behavior video
Apply the QoS policy
int g1/0/1
qos apply policy video inbound
int g1/0/2
qos apply policy video inbound
Complete configuration
#
time-range time1 00:00 to 08:30 daily
time-range time2 18:00 to 24:00 daily
#
acl number 4000
rule 0 deny source-mac 000f-e200-0000 ffff-ff00-0000 time-range time1
rule 5 deny source-mac 000f-e200-0000 ffff-ff00-0000 time-range time2
#
interface GigabitEthernet1/0/1
packet-filter 4000 inbound
2. Packet-filter method
time-range working_time1 0:00 to 8:30 daily
time-range working_time2 18:00 to 24:00 daily
acl number 4000
rule 0 deny source-mac 000f-e200-0000 ffff-ff00-0000 time-range working_time1
rule 5 deny source-mac 000f-e200-0000 ffff-ff00-0000 time-range working_time2
int gi1/0/1
packet-filter 4000 inbound
int gi 1/0/2
packet-filter 4000 inbound
Complete configuration
#
time-range time1 00:00 to 08:30 daily
time-range time2 18:00 to 24:00 daily
#
acl number 4000
rule 0 deny source-mac 000f-e200-0000 ffff-ff00-0000 time-range time1
rule 5 deny source-mac 000f-e200-0000 ffff-ff00-0000 time-range time2
#
interface GigabitEthernet1/0/1
packet-filter 4000 inbound
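Added example (not part of the original page and not H3C code): a small Python model of how the two rules of ACL 4000 match a frame, useful for checking the mask and the time windows before applying the configuration. The function names are hypothetical, and treating each time range as half-open [start, end) is an assumption about boundary behaviour.

```python
def parse_mac(text):
    """Convert H3C notation (xxxx-xxxx-xxxx) to a 48-bit integer."""
    digits = text.replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {text!r}")
    return int(digits, 16)

def minutes(hhmm):
    """'18:00' -> 1080; '24:00' is accepted as end of day."""
    h, m = map(int, hhmm.split(":"))
    return h * 60 + m

# Constructed mirror of the configuration shown on this page.
TIME_RANGES = {
    "working_time1": ("0:00", "8:30"),
    "working_time2": ("18:00", "24:00"),
}
ACL_4000 = [  # (rule id, action, source MAC, mask, time-range name)
    (0, "deny", "000f-e200-0000", "ffff-ff00-0000", "working_time1"),
    (5, "deny", "000f-e200-0000", "ffff-ff00-0000", "working_time2"),
]

def in_range(name, hhmm):
    # Assumption: each range is modelled as half-open [start, end).
    start, end = TIME_RANGES[name]
    return minutes(start) <= minutes(hhmm) < minutes(end)

def evaluate(src_mac, hhmm):
    """Return (action, rule id) of the first matching rule, else ('permit', None)."""
    mac = parse_mac(src_mac)
    for rule_id, action, base, mask, tr in sorted(ACL_4000):
        m = parse_mac(mask)
        # A rule matches when the masked bits are equal and its time range is active.
        if (mac & m) == (parse_mac(base) & m) and in_range(tr, hhmm):
            return action, rule_id
    return "permit", None

if __name__ == "__main__":
    # Constructed sample frames: (source MAC, time of day)
    for mac, t in [("000f-e212-3456", "07:15"), ("000f-e212-3456", "12:00"),
                   ("000f-e212-3456", "18:00"), ("000f-e312-3456", "23:00")]:
        print(mac, t, evaluate(mac, t))
```

Only the first 24 bits (the 000f-e2 prefix) are compared, so any device sharing that prefix is blocked outside 8:30 to 18:00, whether or not it is a video device.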