防火墻帶寬管理

拓撲

配置

[fw]interface GigabitEthernet 0/0/0    
[fw-GigabitEthernet0/0/0]service-manage all permit   
[fw]interface GigabitEthernet 1/0/0
[fw-GigabitEthernet1/0/0]ip address 12.0.0.1 24
[fw]interface GigabitEthernet 1/0/1
[fw-GigabitEthernet1/0/1]ip address 13.0.0.1 24
[fw]interface GigabitEthernet 1/0/3
[fw-GigabitEthernet1/0/3]ip address 10.1.1.254 24
[fw]interface GigabitEthernet 1/0/2.1
[fw-GigabitEthernet1/0/2.1]ip address 10.1.1.254 2
[fw-GigabitEthernet1/0/2.1]vlan-type dot1q 10
[fw-GigabitEthernet1/0/2.1]interface GigabitEthernet 1/0/2.2
[fw-GigabitEthernet1/0/2.2]ip address 192.168.2.254 24
[fw-GigabitEthernet1/0/2.2]vlan-type dot1q 20
[fw-GigabitEthernet1/0/2.2]interface GigabitEthernet 1/0/2.3
[fw-GigabitEthernet1/0/2.3]ip address 192.168.3.254 24
[fw-GigabitEthernet1/0/2.3]vlan-type dot1q 30
[fw-GigabitEthernet1/0/2.3]interface GigabitEthernet 1/0/2.4
[fw-GigabitEthernet1/0/2.4]ip address 192.168.4.254 24
[fw-GigabitEthernet1/0/2.4]vlan-type dot1q 40[fw]firewall zone trust 
[fw-zone-trust]add interface GigabitEthernet 1/0/2.1
[fw-zone-trust]add interface GigabitEthernet 1/0/2.2
[fw-zone-trust]add interface GigabitEthernet 1/0/2.3
[fw-zone-trust]add interface GigabitEthernet 1/0/2.4
[fw]firewall zone dmz 
[fw-zone-dmz]add interface GigabitEthernet 1/0/3
[fw]firewall zone untrust 
[fw-zone-untrust]add interface GigabitEthernet 1/0/1
[fw-zone-untrust]add interface GigabitEthernet 1/0/0[Huawei]interface GigabitEthernet 0/0/0    
[Huawei-GigabitEthernet0/0/0]ip address 12.0.0.2 24[liantong]interface GigabitEthernet 0/0/0    
[liantong-GigabitEthernet0/0/0]ip address 13.0.0.3 24[sw1]vlan batch 10 20 30 40
[sw1-GigabitEthernet0/0/1]port link-type trunk 
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30 40
[sw1-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[sw1-GigabitEthernet0/0/2]port link-type access 
[sw1-GigabitEthernet0/0/2]port default vlan 10
[sw1-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3
[sw1-GigabitEthernet0/0/3]port link-type access
[sw1-GigabitEthernet0/0/3]port default vlan 20
[sw1-GigabitEthernet0/0/3]interface GigabitEthernet 0/0/4
[sw1-GigabitEthernet0/0/4]port link-type access
[sw1-GigabitEthernet0/0/4]port default vlan 30
[sw1-GigabitEthernet0/0/4]interface GigabitEthernet 0/0/5
[sw1-GigabitEthernet0/0/5]port link-type access
[sw1-GigabitEthernet0/0/5]port default vlan 40

需求一
企業組織架構中存在部門A，部門A中存在銷售組1和研發組2?

銷售部門--->業務Email、ERP服務?

可以對部門A中的銷售組進行帶寬資源細分，保證銷售員工的業務服務流量正常轉發：?

1、部門A的下行最大帶寬不超過60M?

2、部門A中的銷售組下行最大帶寬不超過30M?

3、部門A中的銷售組的Email、ERP業務下行最小帶寬不低于20M?

[fw]traffic-policy
[fw-policy-traffic-profile-01]bandwidth maximum-bandwidth whole downstream 60000
[fw-policy-traffic-profile-01]q
[fw-policy-traffic]rule name 01 
[fw-policy-traffic-rule-01]source-zone trust
[fw-policy-traffic-rule-01]destination-zone untrust   
[fw-policy-traffic-rule-01]source-address 192.168.1.0 24 
[fw-policy-traffic-rule-01]source-address 192.168.2.0 24 
[fw-policy-traffic-rule-01]action qos profile 01

測試

需求二
給部門A和部門B劃分可使用的帶寬資源。要避免P2P業務占據較多的帶寬，還需要限制部門A和部門B使用 P2P業務的帶寬總和。?

1、部門A下行最大帶寬60M?

2、部門B下行最大帶寬40M?

3、部門A和部門B的P2P業務下行最大帶寬不超過80M?

4、P2P流量需要計算到各自部門的總流量中

本文來自互聯網用戶投稿，該文觀點僅代表作者本人，不代表本站立場。本站僅提供信息存儲空間服務，不擁有所有權，不承擔相關法律責任。
如若轉載，請注明出處：http://www.pswp.cn/diannao/74224.shtml
繁體地址，請注明出處：http://hk.pswp.cn/diannao/74224.shtml
英文地址，請注明出處：http://en.pswp.cn/diannao/74224.shtml

如若內容造成侵權/違法違規/事實不符，請聯系多彩編程網進行投訴反饋email:809451989@qq.com，一經查實，立即刪除！