juniper限速
#设置带宽
set firewall policer limit-1m if-exceeding bandwidth-limit 1m
set firewall policer limit-1m if-exceeding burst-size-limit 1500
set firewall policer limit-1m then discard
#设置filter
set firewall family inet filter ssh-limit-1m term 1 from port 22
set firewall family inet filter ssh-limit-1m term 1 then policer limit-1m
set firewall family inet filter ssh-limit-1m term 1 then accept
set firewall family inet filter ssh-limit-1m term any then accept
#绑定接口
set interfaces reth2 unit 17 family inet filter input ssh-limit-1m
set interfaces reth2 unit 17 family inet filter output ssh-limit-1m
asa5520流量限速配置
根据单ip限速
一、创建acl规则
access-list rate_limit_1 extended permit ip any host 192.168.99.2 //限制下载
access-list rate_limit_1 extended permit ip host 192.168.99.2 any //限制上传
二、创建class-map
class-map rate_limit_1
match access-list rate_limit_1
!
policy-map rate_limit
class rate_limit_1
police input 819000 4368000 //(限制上传速度为99K/S)
police output 819000 4368000 //(限制下载速度为99K/S)
#前一个是基本速率,后一个是突发流量。
三、绑定接口
service-policy rate_limit interface dmz_99 //(应用到内网接口上)
根据网段限速
一、创建acl规则
access-list pol extended permit ip any 192.168.98.0 255.255.255.0
access-list pol extended permit ip 192.168.98.0 255.255.255.0 any
二、创建class-map
class-map pol
match access-list pol
!
policy-map pol
class pol
police input 3276500 600000 //限制上传速度为400K/S
police output 26214000 5000000 //限制下载速度为3M/S
三、绑定接口
service-policy pol interface dmz_98
使用object-group对象分组的方法
一、创建object-group
object-group network rate_limit
network host 192.168.97.5
network 192.168.97.0 255.255.255.0 //将需要限制流量的ip或段加入其中
二、创建acl规则
access-list rate_limit extended permit ip object-group rate_limit any
access-list rate_limit extended permit ip any object-group rate_limit
三、创建class-map
class-map map1
match access-list rate_limit
!
policy-map map2
class map1
police output 200000 43750
police input 800000 250000
四、绑定接口
service-policy map2 interface dmz_97