1.在交换机上启动QOS
mls qos
2. 定义访问控制列表
access-list 100 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255 #拒绝的网络段
access-list 100 deny ip 172.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255 #拒绝的网络段
access-list 100 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 #拒绝的网络段
access-list 100 deny ip host 192.168.1.1 # #拒绝的主机
access-list 100 permit ip any 192.168.1.0 0.0.0.255 #下载的网段
access-list 10 permit 192.168.1.0 0.0.0.255 #上传的网段
3.定义类,并和上面定义的访问控制列表绑定
class-map down #定义下载的map
match access-group 100
class-map up #定义上传的map
match access-group 10
4.定义策略,把定义的类绑定到该策略
policy-map down
class down
trust dscp
police 5120K 8000 exceed-action drop
policy-map up
class up
trust dscp
police 5120K 8000 exceed-action drop
5.在接口上应用
interface g0/1 #出去的端口
service-policy input down
interface fa0/1 #交换机的接入层端口
service-policy input up
原文地址:http://11137529.blog.51cto.com/11127529/1884882