Re: Policy-map issue -- match protocol secure-telnet

From: Hobbs (deadheadblues@gmail.com)
Date: Wed Jan 21 2009 - 21:46:23 ARST


yep, Josh is right on:

R1#sho ip nbar port-map secure-telnet
port-map secure-telnet tcp 992

R1#sho ip nbar port-map ssh
port-map ssh tcp 22

On Wed, Jan 21, 2009 at 4:23 PM, joshua atterbury <joshuaatterbury@gmail.com> wrote:

> Joe,
>
> For the ssh component, do you not have "match protocol ssh" as an option in
> the class-map? I always thought that secure-telnet != ssh.
>
> Josh.
> On Thu, Jan 22, 2009 at 8:21 AM, Joe Astorino <joe_astorino@comcast.net> wrote:
>
> > Hello guys,
> >
> > I am pretty new to QoS configurations, but am trying to prioritize some
> > things in my home network. I am a bit confused, as when I had "match
> > protocol secure-telnet" configured and was ssh'd into my router when
> > shaping was active I was not seeing any counters increase. However, when I
> > added a "match access-group ssh" into it which was just "permit tcp any any
> > eq ssh" as well as "permit tcp any eq ssh any" those counters did increase.
> > Is there any reason for this you guys can think of? Here is my configuration:
> > Note I pay Comcast for 8Mb/384kb service. Any input on if my QoS is
> > actually correct would be appreciated as a side note :) I'll put some
> > explanations of what I *think* is going on at this point below
> >
> > */ So here are my 2 interfaces, fa0/1 is my cable modem, fa0/0.1 is my
> > inside LAN /*
> >
> > Bono(config-cmap)#do sh run int fa0/1 | i description|service-policy|bandwidth
> > description WAN
> > bandwidth 384
> > max-reserved-bandwidth 100
> > service-policy output parent
> >
> > Bono(config-subif)#do sh run int fa0/0.1 | i description|service-policy|bandwidth
> > description LAN subinterface
> > bandwidth 8000000
> > service-policy output lan
> >
> >
> > */ I shape the output of the WAN interface to 384k because that is what I
> > pay for. I nest in the service-policy "priority-traffic" so that it does
> > cbwfq /* Note, if I do "show queueing int fa0/1" it shows no queueing but
> > if I do "show policy-map int fa0/1" it shows everything and counters
> > increment as expected. Not sure if this is an effect of the nesting.
> >
> > Bono(config-subif)#do sh policy-map parent
> > Policy Map parent
> > Class class-default
> > Traffic Shaping
> > Average Rate Traffic Shaping
> > CIR 384000 (bps) Max. Buffers Limit 1000 (Packets)
> > service-policy priority-traffic
> >
> > */ If my uplink is congested I want to give 50% of my bandwidth (192k) to
> > my "priority" traffic which includes www, https, telnet, ssh, email and some
> > other stuff you see in the class-map. I also wish to give my Vonage 128k
> > bandwidth /*
> >
> > Policy Map priority-traffic
> > Class priority-traffic
> > Bandwidth 50 (%) Max Threshold 64 (packets)
> > Class call-signalling
> > Bandwidth 10 (%) Max Threshold 64 (packets)
> > Class voice
> > Strict Priority
> > Bandwidth 128 (kbps) Burst 3200 (Bytes)
> >
> > Class Map match-any priority-traffic (id 4)
> > Match protocol http
> > Match protocol secure-http
> > Match protocol telnet
> > Match protocol secure-telnet
> > Match protocol smtp
> > Match protocol pop3
> > Match protocol imap
> > Match protocol secure-pop3
> > Match protocol secure-imap
> > Match protocol secure-ftp
> > Match protocol ftp
> > Match access-group name rdp
> > Match access-group name ssh
> >
> > Class Map match-any call-signalling (id 1)
> > Match access-group name sip
> >
> > Bono(config-subif)#do sh class-map voice
> > Class Map match-any voice (id 2)
> > Match protocol rtp audio
> >
> >
> > */ Here is where I am not quite sure on some things. The idea here is that
> > I want to shape traffic coming from the internet to 8Mb but not my internal
> > network stuff because it is a fastethernet interface. So by nesting
> > service-policy priority-lan inside of the lan policy-map that has shaping
> > on it, I am hoping to only shape/queue non 10.0.0.0/8 traffic. /*
> >
> > Policy Map lan
> > Class outside
> > Traffic Shaping
> > Average Rate Traffic Shaping
> > CIR 8000000 (bps) Max. Buffers Limit 1000 (Packets)
> > service-policy priority-lan
> > Class class-default
> >
> > Bono(config-subif)#do sh class outside
> > Class Map match-all outside (id 5)
> > Match access-group 55
> >
> > Bono(config-subif)#do sh access-list 55
> > Standard IP access list 55
> > 10 deny 10.0.0.0, wildcard bits 0.255.255.255 (3039 matches)
> > 20 permit any (1922730 matches)
> >
> > Policy Map priority-lan
> > Class priority-traffic
> > Strict Priority
> > Bandwidth 50 (%)
> >
> >
> > So I guess that is it. I am wondering if this is doing what I have
> > explained, and also about that secure shell thing and show queueing thing.
> > Any help much appreciated guys!
> >
> > - Joe A
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>



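An added example, not part of the original thread: a small Python check that takes `show ip nbar port-map` output and a class-map's `Match protocol` lines and reports which statements cover a given flow, using the two port-map lines posted above. It assumes classification by port-map only (NBAR can inspect some protocols more deeply); the function names and the class-map excerpt, taken from the thread without the access-group workaround, are choices made for this illustration.

```python
import re

# Copied from the "sho ip nbar port-map" output in the thread.
PORT_MAP_OUTPUT = """\
port-map secure-telnet tcp 992
port-map ssh tcp 22
"""

# Excerpt of the thread's class-map as first configured, i.e. without the
# "Match access-group name ssh" workaround.
CLASS_MAP_OUTPUT = """\
Class Map match-any priority-traffic (id 4)
Match protocol http
Match protocol telnet
Match protocol secure-telnet
"""

def parse_port_map(text):
    """Return {protocol: {(transport, port), ...}} from port-map lines."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*port-map\s+(\S+)\s+(tcp|udp)\s+([\d\s]+)$", line)
        if m:
            name, transport, ports = m.groups()
            entries = {(transport, int(p)) for p in ports.split()}
            table.setdefault(name, set()).update(entries)
    return table

def parse_match_protocols(text):
    """Return the protocol names from 'Match protocol <name>' lines, in order."""
    return re.findall(r"^\s*Match protocol (\S+)", text, flags=re.MULTILINE)

def explain_flow(transport, port, class_map_text, port_map_text):
    """Report which class-map statements cover a flow, judged by port-map only."""
    port_map = parse_port_map(port_map_text)
    wanted = (transport, port)
    configured = parse_match_protocols(class_map_text)
    return {
        # Configured statements whose port-map contains the flow's port.
        "matched_by": [p for p in configured if wanted in port_map.get(p, ())],
        # Configured statements we have no port-map output for (cannot judge).
        "no_port_map_data": [p for p in configured if p not in port_map],
        # NBAR protocol names that do own this port, configured or not.
        "protocols_owning_port": sorted(n for n, e in port_map.items() if wanted in e),
    }

if __name__ == "__main__":
    print(explain_flow("tcp", 22, CLASS_MAP_OUTPUT, PORT_MAP_OUTPUT))
    print(explain_flow("tcp", 992, CLASS_MAP_OUTPUT, PORT_MAP_OUTPUT))
```

For an SSH session on tcp/22 the result lists no matching statement and names `ssh` as the protocol that owns the port, which is consistent with the counters staying at zero until port 22 was matched another way.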

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST