[ninux-not-wireless] [ninux-roma] Configurazione di class based traffic policing su router cisco

Alessandro Gnagni enterprise.nx at gmail.com
Sun Dec 9 17:38:05 CET 2012 

una volta inserito senza errori:
service-policy output shapeout
service-policy input shapein
nella pvc batto exit e le voci scompaiono.
cercando su internet ho trovato gente che ha riscontrato questo errore
sempre su un 877

:  GTS : Not supported over ATM VCs
:  Service policy detach failed

allego config router spero possa aiutare.

forse il policing funzionerebbe?



Il 09/12/2012 01.24, Stefano Ninux ha scritto:
> Premessa: non ho idea della tua topologia di rete quindi ....
> 
> Il CBWFQ (Class-Based Weighted Fair Queueing) utilizzato per fare
> shaping non รจ applicabile alle interfacce virtuali come la dialer... ora
> non so la tua configurazione ma potresti provare ad applicare la policy
> map alla tua interfaccia fisica (che dovrebbe essere la ATM0 o ATM0/0.1
> se hai un'interfaccia DSL...) ma dipende molto dal tipo di conf che hai
> fatto...
> 
> Alla fine comunque dovresti avere qualcosa del genere:
> 
> ip access-list extended 110
> deny ip 10.135.2.0 0.0.0.255 any
> permit ip 10.0.0.0 0.255.255.255 any
> permit ip 192.168.0.0 0.0.255.255 any
> permit ip 172.16.0.0 0.15.255.255 any
> 
> class-map shappolout
>    match access-group 110
> 
> policy-map shapeout
>     class class-default
>      shape average 150000 25000 0
>      service-policy outbound
> 
> interface ATM0/0/0.1 point-to-point  
>  pvc 8/35  
>   encapsulation aal5snap  
>   protocol pppoe  
>   service-policy output shapeout
> 
> 
> Ciae
> 
> P.S. Studiati il link che ti ha dato Saverio .... !! :-)
> 
-------------- next part --------------
Current configuration : 7180 bytes
!
! Last configuration change at 17:30:41 GMT Sun Dec 9 2012 by hal
! NVRAM config last updated at 17:34:52 GMT Sun Dec 9 2012 by hal
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco877
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone GMT 1
clock summer-time GMT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-379555922
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-379555922
 revocation-check none
 rsakeypair TP-self-signed-379555922
!
!
crypto pki certificate chain TP-self-signed-379555922
 certificate self-signed 02
  30820245 308201AE A0030201 02020102 300D0609 2A864886 F70D0101 04050030 
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 33373935 35353932 32301E17 0D303931 30313832 30353031 
  305A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 39353535 
  39323230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 
  A7009862 FDF16B8F 7A37BD81 5A1681D1 574D66F2 63B1125D A6F557A7 16D1920E 
  9206ABD0 B80F3DD0 C63F1438 399822D6 A66DF6E2 1B5CA655 D50DFC1F 9DE2E21D 
  8BA9879B 91605D09 2ED0EE34 19C317C5 C49CEDDA 908D3D50 303AD2F1 9AF31CAF 
  C119AE5E AE1A152A 71D22C65 F9748A1D D80D601D 0526E3ED E67FB013 48D2C949 
  02030100 01A36F30 6D300F06 03551D13 0101FF04 05300301 01FF301A 0603551D 
  11041330 11820F43 6973636F 3837372E 68616C6E 6574301F 0603551D 23041830 
  1680147B 3B35B919 816896BB 4A175FEF 1A0AFBD5 098F2130 1D060355 1D0E0416 
  04147B3B 35B91981 6896BB4A 175FEF1A 0AFBD509 8F21300D 06092A86 4886F70D 
  01010405 00038181 0062B35F A1111274 AC1428BD 5D11264F 0A37A109 A1AC2035 
  36028D99 05968D67 01045208 4E19E52A BEEF15BD 25BE365D ECC7EB60 B70161F2 
  A9044091 B68C67FB 3F3663F4 1BB04382 779E7822 67083AAF F8FA4D92 C5F19684 
  20BC6F6A AFFDAB5A 1D8AE9EC 75185D31 2BCDC5A5 43C978F5 57BE8E03 49B6AFC1 
  40071733 185AFD2D 56
  	quit
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.135.2.1 10.135.2.10
!
ip dhcp pool halnet
   network 10.135.2.0 255.255.255.128
   bootfile openwrt-adm5120-2.6-vmlinux.elf
   next-server 10.135.2.3 
   default-router 10.135.2.1 
   dns-server 8.8.8.8 8.8.4.4 
   lease 2
!
!
no ip domain lookup
ip domain name halnet
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
username hal privilege 15 secret 5 $1$RFSS$NtyBJ7kaeLycUJTjiZeKA0
! 
!
crypto isakmp policy 9
 hash md5
 authentication pre-share
!
archive
 log config
  hidekeys
!
!
!
class-map match-all shappolout
 match access-group 110
class-map match-all shappolin
 match access-group 111
!
!
policy-map outbound
 class shappolout
policy-map shapeout
 class class-default
  shape average 150000 25000 0
  service-policy outbound
policy-map inbound
 class shappolin
policy-map shapein
 class class-default
  shape peak 2000000 50000 0
  service-policy inbound
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0.1 point-to-point
 description Verso Libero ADSL2+
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.135.2.1 255.255.255.128
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname liberoadsl
 ppp chap password 0 liberoadsl
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.0.0.0 255.0.0.0 10.135.2.5
ip route 172.16.0.0 255.240.0.0 10.135.2.5
ip route 176.62.53.192 255.255.255.224 10.135.2.5
ip route 192.168.0.0 255.255.0.0 10.135.2.5
!
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.135.2.3 21 interface Dialer0 21
ip nat inside source static tcp 10.135.2.3 990 interface Dialer0 990
ip nat inside source static tcp 10.135.2.3 22200 interface Dialer0 22200
ip nat inside source static tcp 10.135.2.3 22201 interface Dialer0 22201
ip nat inside source static tcp 10.135.2.3 22202 interface Dialer0 22202
ip nat inside source static tcp 10.135.2.3 22203 interface Dialer0 22203
ip nat inside source static tcp 10.135.2.3 22204 interface Dialer0 22204
ip nat inside source static tcp 10.135.2.3 22205 interface Dialer0 22205
ip nat inside source static tcp 10.135.2.3 22206 interface Dialer0 22206
ip nat inside source static tcp 10.135.2.3 22207 interface Dialer0 22207
ip nat inside source static tcp 10.135.2.3 22208 interface Dialer0 22208
ip nat inside source static tcp 10.135.2.3 22209 interface Dialer0 22209
ip nat inside source static tcp 10.135.2.3 22210 interface Dialer0 22210
ip nat inside source static udp 10.135.2.3 24443 interface Dialer0 24443
ip nat inside source static tcp 10.135.2.3 24442 interface Dialer0 24442
ip nat inside source static tcp 10.135.2.3 27260 interface Dialer0 27260
ip nat inside source static udp 10.135.2.3 27260 interface Dialer0 27260
ip nat inside source static tcp 10.135.2.5 22 interface Dialer0 222
ip nat inside source static tcp 10.135.2.4 3074 interface Dialer0 3074
ip nat inside source static udp 10.135.2.4 3074 interface Dialer0 3074
ip nat inside source static tcp 10.135.2.2 6112 interface Dialer0 6112
ip nat inside source static udp 10.135.2.2 6112 interface Dialer0 6112
ip nat inside source static tcp 10.135.2.3 19115 interface Dialer0 19115
ip nat inside source static udp 10.135.2.3 19115 interface Dialer0 19115
ip nat inside source static tcp 10.135.2.9 8291 interface Dialer0 8291
ip nat inside source static tcp 10.135.2.3 80 interface Dialer0 80
ip nat inside source static tcp 10.135.2.7 22 interface Dialer0 223
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 110 deny   ip 10.135.2.0 0.0.0.255 any
access-list 110 permit ip 10.0.0.0 0.255.255.255 any
access-list 110 permit ip 192.168.0.0 0.0.255.255 any
access-list 110 permit ip 172.16.0.0 0.15.255.255 any
access-list 111 deny   ip any 10.135.2.0 0.0.0.255
access-list 111 permit ip any 10.0.0.0 0.255.255.255
access-list 111 permit ip any 192.168.0.0 0.0.255.255
access-list 111 permit ip any 172.16.0.0 0.15.255.255
dialer-list 1 protocol ip permit
snmp-server community public RO 4
no cdp run
!
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 1 in
 privilege level 15
 password ***********
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
sntp server 193.204.114.232
sntp server 193.204.114.233
end

More information about the Not-wireless mailing list