Cisco Router, NBAR PDLM
CLI Guru - Cisco Training and Consulting Center


  1. #1
    Yalcin Cekic Guest

    Cisco Router, NBAR PDLM

    Hello,

    when filtering with NBAR, which is used to block
    unwanted traffic, is it possible to exempt some hosts
    from these filters? If so, how??

    regards,

    Y.C

  2. #2
    Devrim Yener KUCUK Guest

    re: Cisco Router, NBAR PDLM

    Hello

    In the class you define, you specify the elements that match.
    You can define the class as "match any" or "match all". (by
    default match all)

    example:
    class xxx
    match protocol http
    mat access-group xxx ==>

    If traffic matches no class at all, it will automatically use the
    predefined "class-default" anyway.

    I think you should not put the hosts that are not supposed to fall under
    that class into the access-list range you define.
    That should solve the problem.


    Devrim


    ----- Original Message -----
    From: "Yalcin Cekic" <[email protected]>
    To: <[email protected]>
    Sent: Tuesday, June 24, 2003 1:39 PM
    Subject: [cisco-ttl] unwanted traffic

    >
    > Hello,
    >
    > when filtering with NBAR, which is used to block
    > unwanted traffic, is it possible to exempt some hosts
    > from these filters? If so, how??
    >
    > regards,
    >
    > Y.C
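
One way to implement the exemption described in the reply above, as an added example that is not part of the original thread. The ACL name P2P-FILTERED and the 192.0.2.x host addresses are constructed for illustration; the class names kazaa2, gnutella and fasttrack are the ones used later in this thread.

```cisco
! Added example (not from the thread). ACL name and addresses are constructed.
! In a class-map, a "deny" ACL entry means "this packet does not match the
! class", so the listed hosts fall through to class-default instead of
! landing in the drop classes.
ip access-list extended P2P-FILTERED
 remark exempt hosts: deny = excluded from the p2p classes
 deny   ip host 192.0.2.10 any
 deny   ip any host 192.0.2.10
 deny   ip host 192.0.2.11 any
 deny   ip any host 192.0.2.11
 remark everyone else stays subject to the p2p classes
 permit ip any any
!
! match-all requires BOTH conditions: the NBAR protocol and the ACL.
class-map match-all kazaa2
 match protocol kazaa2
 match access-group name P2P-FILTERED
class-map match-all gnutella
 match protocol gnutella
 match access-group name P2P-FILTERED
class-map match-all fasttrack
 match protocol fasttrack
 match access-group name P2P-FILTERED
!
! The policy-map that references these classes and the service-policy
! statements on the interfaces stay as they are.
```

After the change, the per-class packet counters in "show policy-map interface" show whether traffic from the exempt hosts still lands in the drop classes or in class-default.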

  3. #3
    Yalcin Cekic Guest

    Re[2]: unwanted traffic

    Hello Devrim,

    honestly, since I am very new to this I did not really understand.
    Let me write out the current situation plainly. That will be
    easier for me.
    Only the relevant parts:
    !
    ip nbar pdlm flash:kazaa2.pdlm
    class-map match-all gnutella
    match protocol gnutella
    class-map match-all kazaa2
    match protocol kazaa2
    class-map match-all fasttrack
    match protocol fasttrack
    policy-map p2p
    class kazaa2
    police cir 2048000 bc 384000 be 768000
    conform-action drop
    exceed-action drop
    class gnutella
    police cir 2048000 bc 384000 be 768000
    conform-action drop
    exceed-action drop
    class fasttrack
    police cir 2048000 bc 384000 be 768000
    conform-action drop
    exceed-action drop

    and these are applied to the relevant interfaces
    with "service-policy input p2p".
    (actually the original document also has "service-policy out p2p")

    right now this does the job. But nobody can get out.
    How do I open a hole?

    Thanks in advance,

    Y.C

    Tuesday, June 24, 2003, 4:08:16 PM, you wrote:


  4. #4
    Devrim Yener KUCUK Guest

    Re: Re[2]: unwanted traffic

    Actually this seems odd to me.

    By default it should use class-default.

    Why are all the conform actions "drop"? Are you not going to let any
    gnutella, kazaa2 and fasttrack traffic through at all?

    I mean, you could have set drop only for "exceed".

    Have you checked class-default:
    class class-default
    police cir 2048000 bc 384000 be 768000
    conform-action transmit exceed-action drop


    Also, could you send the output of "sh policy-map int ser x/y", so we can see
    how it was applied to the interface and how the service policy used the default class?

    The config of the interface you applied this to and sh ver are needed too.


    devrim




    ----- Original Message -----
    From: "Yalcin Cekic" <[email protected]>
    To: "Devrim Yener KUCUK" <[email protected]>
    Sent: Tuesday, June 24, 2003 3:44 PM
    Subject: Re[2]: [cisco-ttl] unwanted traffic


  5. #5
    Yalcin Cekic Guest

    Re[4]: unwanted traffic


    Hi Devrim,

    the original document for what I did is at the end of this mail; we did
    what it says there.

    >Why are all the conform actions "drop"? Are you not going to let any
    >gnutella, kazaa2 and fasttrack traffic through at all?
    yes, we want this traffic not to pass at all.

    >I mean, you could have set drop only for "exceed".
    we took this configuration from another list.
    I have no command of the subject, that is why.

    first, the configuration of the relevant ports is as follows
    --------------------------
    !
    interface FastEthernet0/1
    ip address xx.xx.xx.x 255.255.255.192
    ip policy route-map test
    duplex auto
    speed auto
    service-policy input p2p
    no cdp enable
    !
    !
    interface Serial0/1.1 point-to-point
    description sp1
    ip address xx.xx.xx.xx 255.255.255.252
    service-policy output p2p
    no cdp enable
    frame-relay interface-dlci 16
    !
    !
    interface Serial3/1:1.1 point-to-point
    description sp2
    ip address xx.xx.xx.xx 255.255.255.252
    service-policy output p2p
    no arp frame-relay
    no cdp enable
    frame-relay interface-dlci 93
    !

    -----------------------------------------------------------------

    sh policy-map interface output:

    FastEthernet0/1

    Service-policy input: p2p

    Class-map: kazaa2 (match-all)
    3305070 packets, 760620797 bytes
    5 minute offered rate 4000 bps, drop rate 4000 bps
    Match: protocol kazaa2
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 3305070 packets, 760620797 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 4000 bps, exceed 0 bps

    Class-map: gnutella (match-all)
    325004 packets, 20152378 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: protocol gnutella
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 325004 packets, 20152378 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 0 bps, exceed 0 bps

    Class-map: fasttrack (match-all)
    7992 packets, 499372 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: protocol fasttrack
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 7992 packets, 499372 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 0 bps, exceed 0 bps

    Class-map: class-default (match-any)
    513173538 packets, 279205029652 bytes
    5 minute offered rate 393000 bps, drop rate 0 bps
    Match: any
    Serial0/1.1

    Service-policy output: p2p

    Class-map: kazaa2 (match-all)
    0 packets, 0 bytes
    30 second offered rate 0 bps, drop rate 0 bps
    Match: protocol kazaa2
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 0 packets, 0 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 0 bps, exceed 0 bps

    Class-map: gnutella (match-all)
    0 packets, 0 bytes
    30 second offered rate 0 bps, drop rate 0 bps
    Match: protocol gnutella
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 0 packets, 0 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 0 bps, exceed 0 bps

    Class-map: fasttrack (match-all)
    0 packets, 0 bytes
    30 second offered rate 0 bps, drop rate 0 bps
    Match: protocol fasttrack
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 0 packets, 0 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 0 bps, exceed 0 bps

    Class-map: class-default (match-any)
    32225283 packets, 10760448739 bytes
    30 second offered rate 0 bps, drop rate 0 bps
    Match: any
    Serial3/0:1.1: DLCI 100 -

    Service-policy output: VOICE-POLICY

    Class-map: voice-traffic (match-all)
    22238373 packets, 1568213366 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: access-group 110
    Queueing
    Strict Priority
    Output Queue: Conversation 136
    Bandwidth 45 (kbps) Burst 1125 (Bytes)
    (pkts matched/bytes matched) 22238373/1567102235
    (total drops/bytes drops) 57209/77334611

    Class-map: voice-signaling (match-all)
    105774 packets, 39353396 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: access-group 111
    Queueing
    Output Queue: Conversation 137
    Bandwidth 8 (kbps) Max Threshold 64 (packets)
    (pkts matched/bytes matched) 105774/39353396
    (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)
    156984969 packets, 124669187316 bytes
    5 minute offered rate 81000 bps, drop rate 0 bps
    Match: any
    Queueing
    Flow Based Fair Queueing
    Maximum Number of Hashed Queues 128
    (total queued/total drops/no-buffer drops) 0/13906/0
    Serial3/1:1.1

    Service-policy output: p2p

    Class-map: kazaa2 (match-all)
    1 packets, 383 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: protocol kazaa2
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 1 packets, 383 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 0 bps, exceed 0 bps

    Class-map: gnutella (match-all)
    1 packets, 52 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: protocol gnutella
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 1 packets, 52 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 0 bps, exceed 0 bps

    Class-map: fasttrack (match-all)
    400 packets, 20704 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: protocol fasttrack
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 400 packets, 20704 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 0 bps, exceed 0 bps

    Class-map: class-default (match-any)
    531558282 packets, 251427043991 bytes
    5 minute offered rate 377000 bps, drop rate 0 bps
    Match: any
    Serial4/0:1.1

    Service-policy output: p2p

    Class-map: kazaa2 (match-all)
    0 packets, 0 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: protocol kazaa2
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 0 packets, 0 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 0 bps, exceed 0 bps

    Class-map: gnutella (match-all)
    0 packets, 0 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: protocol gnutella
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 0 packets, 0 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 0 bps, exceed 0 bps

    Class-map: fasttrack (match-all)
    0 packets, 0 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: protocol fasttrack
    police:
    cir 2048000 bps, bc 384000 bytes
    conformed 0 packets, 0 bytes; actions:
    drop
    exceeded 0 packets, 0 bytes; actions:
    drop
    conformed 0 bps, exceed 0 bps

    Class-map: class-default (match-any)
    32806530 packets, 15357051585 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: any
    -----------------------------------------------------------------

    original document.
    *****************************************************************
    One of the important points is that CEF switching must be enabled on
    your router.

    Router(config)#ip cef

    There are a few main protocols used by currently widespread software
    such as kazaa and morpheus. Fasttrack and Gnutella are the two most
    used of these. First, the files with the pdlm extension, which are a
    kind of signature that lets NBAR recognize these protocols, need to be
    copied to your Cisco router via tftp. After placing the attached pdlm
    files on a tftp server, you need to copy them to the router's flash
    or disk via tftp:

    Router#copy tftp flash
    or
    Router#copy tftp disk0

    After all the files have been copied:

    Router(config)#ip nbar pdlm flash:kazaa2.pdlm
    Router(config)#ip nbar pdlm flash:gnutella.pdlm
    Router(config)#ip nbar pdlm flash:fasttrack.pdlm

    With these commands the pdlms are introduced to NBAR. At this stage, on
    some newer IOS versions you may get an error for one or more of these
    pdlms saying that they are already loaded. Since certain IOS versions
    include these pdlms by default, you can ignore such an error when you get it.

    Then you need to create class-maps for each traffic type using the
    configuration commands below:

    Router(config)#class-map match-all gnutella
    Router(config-cmap)#match protocol gnutella

    Router(config)#class-map match-all kazaa2
    Router(config-cmap)#match protocol kazaa2

    Router(config)#class-map match-all fasttrack
    Router(config-cmap)#match protocol fasttrack

    To define the policy to be applied to the traffic types classified this
    way, create a policy-map as shown below. In the example below,
    Kazaa2, Gnutella and Fasttrack type applications are completely
    restricted.

    Router(config)#policy-map p2p

    Router(config-pmap)#class kazaa2
    Router(config-pmap-c)# police cir 8000 bc 18750000 be 37500000 conform-action drop exceed-action drop

    Router(config-pmap)#class gnutella
    Router(config-pmap-c)# police cir 8000 bc 18750000 be 37500000 conform-action drop exceed-action drop

    Router(config-pmap)#class fasttrack
    Router(config-pmap-c)# police cir 8000 bc 18750000 be 37500000 conform-action drop exceed-action drop

    The number 18750000 above is calculated as follows: line capacity (bps) x
    1.5 / 8
    The number 37500000 is twice the value given above.

    Finally, for the policy-map to be applied on the relevant interface,
    the following commands are entered in interface configuration mode:

    Router(config-if)#service-policy input p2p
    Router(config-if)#service-policy output p2p

    To monitor whether the policy-map you applied is working, you can use
    the following command:

    Router#sh policy-map interface
    ****************************************************************************

    Y.C






  6. #6
    Devrim Yener KUCUK Guest

    Re: Re[4]: unwanted traffic

    Hi Yalcin

    The configuration you sent is as below.

    interface Serial0/1
    no ip address
    encapsulation frame-relay IETF
    load-interval 30
    frame-relay lmi-type ansi
    !
    interface Serial0/1.1 point-to-point
    description netone
    ip address 212.154.25.126 255.255.255.252
    service-policy output p2p
    no cdp enable
    frame-relay interface-dlci 16

    Normally, if you do policing/shaping in the outgoing direction on frame relay,
    you need to enable FRTS.
    http://www.cisco.com/warp/public/105/cbwfq_frpvs.html

    Because this mechanism has to know how much bandwidth, or what percentage of the bandwidth, it will use.
    With a single subinterface under a physical interface this may not be a problem, but if there is more than one subinterface,
    how will the mechanism know how much bandwidth to use for each subinterface?

    So first the config should be modified as follows:
    (I am giving the example for one interface)

    interface Serial0/1
    frame-relay traffic-shaping

    interface Serial0/1.1 point-to-point
    frame-relay interface-dlci 16
    class xxx

    map-class frame-relay xxx
    frame-relay cir 64000
    frame-relay bc 8000
    frame-relay mincir 64000

    In frame relay, the parameters taken as reference are CIR and mincir.
    If mincir is not defined, CIR/2 is used.
    If mincir is defined, the value used is the mincir value.

    Could you modify your configuration this way and try it?

    Devrim




    ----- Original Message -----
    From: Yalcin Cekic
    To: Devrim Yener KUCUK
    Sent: Tuesday, June 24, 2003 6:08 PM
    Subject: Re[4]: [cisco-ttl] unwanted traffic






  7. #7
    Yalcin Cekic Guest

    Re[6]: unwanted traffic

    Sir,

    Serial0/1 is not my uplink. One of our departments uses it.
    The interface for my actual internet uplink is this one:
    ---------------------------------------------------------
    !
    interface Serial3/1:1
    no ip address
    encapsulation frame-relay IETF
    frame-relay lmi-type ansi
    !
    interface Serial3/1:1.1 point-to-point
    description ULAKNET_2Mbit
    ip address 193.255.0.130 255.255.255.252
    service-policy output p2p
    no arp frame-relay
    no cdp enable
    frame-relay interface-dlci 93
    ---------------------------------------------------------

    1- can I use the example you gave here??

    2- Now, as can be seen above, the p2p policy has been applied to this interface.
    As can be seen from the sh run I sent you earlier, the definitions
    here were made for a 2 Mbit connection.
    (Our Ulaknet uplink is 2 Mbit) so it closes all of this BW to this p2p
    traffic. If I do as you say, will it be like this:
    block this p2p traffic for 1.5M, and do not block it for the rest.
    is that right???

    Sorry, I am still very new. I only took the CCNA instructor training
    last week :-) I do not understand very technical things. Of course the
    topics mentioned above are ultra-advanced for me.

    Thank you very much for your help

    DYK> Selam Yalcin

    DYK> Gonderdigin konfigurasyon asagidaki gibi.

    DYK> interface Serial0/1
    DYK> no ip address
    DYK> encapsulation frame-relay IETF
    DYK> load-interval 30
    DYK> frame-relay lmi-type ansi
    DYK> !
    DYK> interface Serial0/1.1 point-to-point
    DYK> description netone
    DYK> ip address 212.154.25.126 255.255.255.252
    DYK> service-policy output p2p
    DYK> no cdp enable
    DYK> frame-relay interface-dlci 16

    DYK> Normally, if you do policing/shaping in the outgoing direction on Frame Relay,
    DYK> you need to enable FRTS.
    DYK> http://www.cisco.com/warp/public/105/cbwfq_frpvs.html

    DYK> Because this mechanism has to know how much bandwidth, or what percentage of the bandwidth, it will use.
    DYK> With a single subinterface under the physical interface this may not be a problem, but if there is more than one subinterface, how will the mechanism
    DYK> know how much bandwidth to use for each subinterface?

    DYK> So first the config should be modified as follows:
    DYK> (I am giving an example for one interface)

    DYK> interface Serial0/1
    DYK> frame-relay traffic-shaping

    DYK> interface Serial0/1.1 point-to-point
    DYK> frame-relay interface-dlci 16
    DYK> class xxx

    DYK> map-class frame-relay xxx
    DYK> frame-relay cir 64000
    DYK> frame-relay bc 8000
    DYK> frame-relay mincir 64000

    DYK> On Frame Relay, the parameters taken as the reference are CIR and mincir.
    DYK> If mincir is not defined, CIR/2 is used.
    DYK> If mincir is defined, the mincir value is what is used.

    DYK> Could you modify your configuration this way and try it?

    DYK> Devrim
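
The FRTS change described in the quoted reply, applied to the Serial3/1:1.1 subinterface from this post, as an added example that is not part of the original thread. The map-class name `ulaknet-2m`, the 2048000 bit/s CIR (taken from the "2Mbit" description), mincir set equal to CIR, and Bc set to CIR/8 as in the quoted example are all assumptions; the policy-map `p2p` is the poster's existing one and is not redefined here.

```cisco
! Added example, not from the thread. Assumed values are marked.
!
! 1. Take the policy off the subinterface. Once FRTS is enabled, the
!    queueing policy is attached through the map-class instead.
interface Serial3/1:1.1 point-to-point
 no service-policy output p2p
!
! 2. Enable Frame Relay traffic shaping on the physical (main) interface.
interface Serial3/1:1
 frame-relay traffic-shaping
!
! 3. Per-PVC shaping parameters. The policy takes its reference bandwidth
!    from mincir; if mincir were left out, CIR/2 would be used.
!    Name "ulaknet-2m" is an assumption.
!    cir 2048000    : assumed, the full 2 Mbit/s PVC
!    bc 256000      : assumed, CIR/8 as in the quoted example
!    mincir 2048000 : assumed, same as CIR
map-class frame-relay ulaknet-2m
 frame-relay cir 2048000
 frame-relay bc 256000
 frame-relay mincir 2048000
 service-policy output p2p
!
! 4. Bind the map-class to the DLCI on the subinterface.
interface Serial3/1:1.1 point-to-point
 frame-relay interface-dlci 93
  class ulaknet-2m
!
! 5. Verify from exec mode:
!      show frame-relay pvc 93
!      show policy-map interface Serial3/1:1.1
```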

  8. #8
    Devrim Yener KUCUK Guest

    Re: Re[6]: unwanted traffic

    Yalcin, you had sent me 0/1 and 3/1.


    1- You can use it.
    2- Yalcin, it will be hard this way; you might want to read up a bit on the basic CBWFQ part.
    I prefer to point the way rather than give the solution directly.

    In my previous mail I explained how the logic works.


    devrim



    ----- Original Message -----
    From: Yalcin Cekic
    To: Devrim Yener KUCUK
    Sent: Wednesday, June 25, 2003 10:41 AM
    Subject: Re[6]: [cisco-ttl] unwanted traffic




  9. #9
    e-mky Guest


    I need a config like this too.

    I have a 2800 series IP Base IOS: c2801-ipbase-mz.124-1c.bin
    Cisco IOS Software, 2801 Software (C2801-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2005 by Cisco Systems, Inc.
    Compiled Wed 26-Oct-05 08:42 by evmiller

    ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
    What I want is for nobody to use P2P, but without anyone having problems using the normal Internet :)
