
Command-Line User StoneOS 5.0R4P3.6 www.hillstonenet.com.cn TWNO: TW-CUG-UNI-QOS-5.0R4P3.6-CN-V1.0-Y14M11


StoneOS 1 QoS StoneOS QoS 2 StoneOS 3 StoneOS CLI Hillstone WebUI Hillstone < > WebUI MTU < > CLI { } [ ]

hostname

1 QoS QoS QoS Quality of Service QoS QoS QoS QoS QoS QoS 1 QoS Ingress Egress LLQ Ingress Traffic DSCP Marking VoIP VoIP HTTP Marker or Policer HTTP Classifier IP IP PHY IF Ingress Traffic Classification and Marking WRED Congestion Avoidance Queuing and Shaping Congestion Management Scheduling PHY IF Egress Traffic

Congestion Management Congestion Avoidance QoS QoS 2 Layer 2 Layer 3 Layer 4 MAC/COS/ VLAN ToS/ DSCP SRC IP DST IP SRC Port DST Port Layer 7 APP type/signature 1 Layer 1 Layer 2 Layer 3 Layer 4 Layer 7 MAC 802.1Q/p CoS VLAN IP IP Precedence DiffServ DSCP / IP TCP UDP Application Application Type Signature 802.1Q/p 2 802.1Q/p 3 IP DSCP 802.1Q 802.1p CoS 2

8 0 7 2 IP DSCP
7 Reserved
6 Reserved
5 Voice
4 Video Conference
3 Call Signaling
2 High-priority Data
1 Medium-priority Data
0 Best-effort Data
IP CoS 8 0 7 30-2 DSCP DiffServ Code Point DSCP 6 QoS 6 IP 3 ToS 3 DSCP 0 63 DSCP IP 3 DSCP IP ToS 7 6 5 4 3 2 IP Precedence Unused DSCP ECN DSCP DSCP PHB PHB BE DSCP 0 AFxy EF RFC2547 2597 3246 DSCP QoS QoS

3 TCP TCP Hillstone conform excess CIR Committed Information Rate CBS Committed Burst Size C EBS Excess Burst Size E C E C C E

4 CIR Overflow CBS EBS Packet B<Tc No B<Te No Yes Yes Conform Exceed Violate Action Action Action B= Tc=CBS Te=EBS CBS CBS EBS EBS Exceed EBS QoS Hillstone CBWFQ LLQ CBWFQ LLQ LLQ PQ CQ WFQ LLQ LLQ 33% TCP Hillstone WRED QoS Hillstone QoS Profile QoS

QoS QoS Profile QoS Class
1. Class Class
2. QoS Profile QoS Profile
3. QoS Profile QoS Profile
QoS Hillstone Hillstone DSCP CoS IP QoS IP Class Class
class-map class-name
class-name Class Class Class Class Class class-default QoS class-default class-default class-default 25% Class 10
no class-map class-name
Class

Hillstone FTP SMTP OSPF Class
match application app-name
app-name Class
no match application app-name
QoS Profile Class Application ID
show application list
Application ID DSCP DSCP Class
match dscp dscp-value1 [dscp-value2] [dscp-value3] [dscp-value4]
dscp-value DSCP Hillstone DSCP 0 63 RFC DSCP af11 cs2 4 DSCP DSCP Class
no match dscp dscp-value1 [dscp-value2] [dscp-value3] [dscp-value4]
DSCP CoS CoS Class
match cos cos-value1 [cos-value2] [cos-value3] [cos-value4]
cos-value 802.1Q CoS 0 7 4 CoS CoS Class
no match cos cos-value1 [cos-value2] [cos-value3] [cos-value4]
CoS IP IP IP QoS IP Class

match ip-range start-ip end-ip
start-ip IP IP
end-ip IP IP ip-range B Class
no match ip-range start-ip end-ip
IP IP Class
match address address-entry
address-entry Class
no match address address-entry
QoS QoS Class
match policy-qos-tag tag-value
tag-value QoS 1 1024 P2P Profile QoS QoS Class
no match policy-qos-tag tag-value
QoS QoS IP IP IP Precedence Class
match precedence precedence-value1 [precedence-value2] [precedence-value3] [precedence-value4]
precedence-value IP 0 7 4 IP IP Class
no match precedence precedence-value1 [precedence-value2] [precedence-value3] [precedence-value4]

IP Class
match input-interface interface-name
interface-name Class
no match input-interface interface-name
/ / / / QoS QoS Class
match {role role-name user aaa-server-name user-name user-group aaa-server-name user-group-name}
role-name
aaa-server-name AAA
user-name -
user-group-name - Class
no match {role role-name user aaa-server-name user-name user-group aaa-server-name user-group-name}
Class Class
show class-map [class-name]
class-name class class QoS Profile QoS Profile QoS QoS Profile Hillstone QoS IP QoS QoS QoS IP QoS Profile QoS Profile QoS Profile QoS Profile

qos-profile qos-profile-name
qos-profile-name QoS Profile QoS Profile QoS QoS Profile
no qos-profile qos-profile-name
QoS Profile QoS Profile QoS Profile
schedule schedule-name
schedule-name QoS Profile QoS Profile 10 QoS Profile no
no schedule schedule-name
QoS QoS Profile QoS Profile Class QoS QoS Profile 64 Class class-default QoS Profile IP QoS IP IP QoS QoS Profile Class QoS Profile
class class-name
class-name Class QoS Profile Class
no class class-name
QoS Profile Class QoS Profile Class QoS IP QoS IP QoS IP QoS DSCP

CoS IP QoS QoS Profile Class QoS Profile Class
bandwidth {bandwidth-value percent percentage} [schedule schedule-name]
bandwidth-value Class kbps CBWFQ 32 1000000
percent percentage Class 1 100
schedule-name 8 QoS Profile Class
no bandwidth
Class Conform Exceed QoS Profile Class
police cir-value [cbs-value] [ebs-value] conform-action {drop set-dscp-transmit dscp-value set-prec-transmit precedence-value transmit} exceed-action {drop set-dscp-transmit dscp-value set-prec-transmit precedence-value transmit} [violate-action {drop set-dscp-transmit dscp-value set-prec-transmit precedence-value transmit}] [schedule schedule-name]
cir-value CIR kbps Class 32 1000000
cbs-value CBS 2048 51200000
ebs-value EBS 2048 51200000
conform-action
drop

set-dscp-transmit dscp-value DSCP
set-prec-transmit precedence-value IP
transmit
exceed-action - conform-action
violate-action - conform-action
schedule-name 8 QoS Profile Class
no police
Class Class QoS Profile Class
shape cir-value [cbs-value] [ebs-value] [schedule schedule-name]
cir-value CIR kbps Class 32 1000000
cbs-value CBS 2048 51200000
ebs-value EBS 2048 51200000
schedule-name 8 QoS Profile Class
no shape
Class IP QoS IP QoS IP QoS IP QoS IP IP QoS QoS Profile Class IP IP IP QoS QoS QoS Profile IP QoS

Profile Class IP QoS IP QoS Profile Class
ip-qos {shared-bandwidth per-ip} {max-bandwidth bandwidth reserve-bandwidth bandwidth [max-bandwidth bandwidth]} [schedule schedule-name]
shared-bandwidth IP max-bandwidth bandwidth reserve-bandwidth bandwidth IP Class ip-range
per-ip IP max-bandwidth bandwidth reserve-bandwidth bandwidth IP Class ip-range
max-bandwidth bandwidth IP IP shared-bandwidth IP per-ip kbps 32 1000000 reserve-bandwidth max-bandwidth 100000
reserve-bandwidth bandwidth IP IP shared-bandwidth IP per-ip kbps 32 1000000
schedule-name 8 QoS Profile Class
no ip-qos {shared-bandwidth per-ip} {max-bandwidth bandwidth reserve-bandwidth bandwidth [max-bandwidth bandwidth]} [schedule schedule-name]
IP QoS IP IP IP IP IP class-default class-default 0 IP IP QoS IP1 IP20 IP 1M IP21 IP40 IP 1M 10M

IP1-IP9 IP21-IP40 IP1-IP9 1M IP1-IP9 1M IP21-IP40 1M IP10 1M IP10 IP1-IP10 1M IP1-IP10 1M IP21-IP40 class-default class-default 0 IP QoS P2P Hillstone IP QoS IP IP QoS IP QoS IP QoS QoS Profile 1 5 5 IP QoS 1 3 IP QoS Hillstone IP QoS IP QoS
1. IP QoS
2. IP QoS Profile
IP QoS IP QoS QoS Profile Class
set ip-qos-priority number
number IP QoS 1 5 3 QoS Profile Class
no set ip-qos-priority
IP QoS LLQ PQ CQ WFQ LLQ LLQ 33% Class QoS Profile Class
priority {bandwidth-value percent percentage} [burst-size] [schedule schedule-name]
bandwidth-value kbps 32 1000000 Class
percent percentage 1 100
burst-size 2048 51200000

schedule-name 8 QoS Profile Class
no priority
Class Hillstone WRED WRED TCP WRED WRED QoS Profile Class
random-detect [dscp-based prec-based]
dscp-based WRED DSCP
prec-based WRED IP QoS Profile Class
no random-detect
Class CoS CoS match cos CoS QoS CoS QoS Profile Class CoS QoS Profile Class
set cos cos-value
cos-value CoS 0 7 QoS Profile Class
no set cos
Class CoS DSCP DSCP QoS DSCP DSCP QoS Profile DSCP IP Class DSCP QoS Profile Class
set dscp dscp-value
dscp-value DSCP 0 63 af11 cs2 QoS Profile Class
no set dscp
Class DSCP

IP IP QoS DSCP IP QoS QoS Profile IP DSCP Class IP QoS Profile Class
set precedence precedence-value
precedence-value IP 0 7 QoS Profile Class
no set precedence
Class IP QoS Profile Class Class QoS Profile Class
match-priority priority-number
priority-number Class 1 256 1 class-default Class 255 Class QoS Profile class-default 256 Class QoS Profile Class
no match-priority
Class Hillstone QoS QoS Profile
exception-list {ip-range A.B.C.D A.B.C.D address address-entry}
A.B.C.D A.B.C.D IP
address-entry QoS Profile
no exception-list
Internet 1000k DMZ IP 10.101.1.0 10.101.1.150 DMZ Web FTP IP 10.100.6.10 10.100.6.20
class-map internet
hostname(config-class-map)# match ip-range 10.101.1.0 10.101.1.150

qos-profile ipqos
hostname(config-qos-profile)# exception-list ip-range 10.100.6.10 10.100.6.20
hostname(config-qos-profile)# class internet
hostname(config-qos-prof-cmap)# ip-qos per-ip max-bandwidth 1000
hostname(config-qos-prof-cmap)# exit
hostname(config-qos-profile)# exit
interface ethernet0/2
hostname(config-if-eth0/2)# qos-profile input ipqos
hostname(config-if-eth0/2)# qos-profile output ipqos
hostname(config-if-eth0/2)# exit
QoS QoS QoS QoS QoS Profile Class QoS QoS QoS Profile QoS Profile Class QoS QoS Profile Class
role-qos {share per-user} {max-bandwidth bandwidth reserve-bandwidth bandwidth [max-bandwidth bandwidth]} [schedule schedule-name]
share max-bandwidth bandwidth reserve-bandwidth bandwidth IP Class ip-range
per-user max-bandwidth bandwidth reserve-bandwidth bandwidth
max-bandwidth bandwidth share per-user kbps 32 1000000 reserve-bandwidth max-bandwidth 100000
reserve-bandwidth bandwidth shared-bandwidth per-ip kbps 32 1000000
schedule-name

8 QoS Profile QoS QoS QoS QoS Profile Class
no role-qos {share per-user} {max-bandwidth bandwidth reserve-bandwidth bandwidth [max-bandwidth bandwidth]} [schedule schedule-name]
QoS Class class-default class-default class-default class-default 0 QoS role1 role20 1M role21 role40 1M 10M role1 role40 user1 user40 user1-user9 user21-user40 user1-user9 1M user1-user9 1M user21-user40 1M user10 1M user10 user1-user10 1M user1-user10 1M user21-user40 class-default class-default 0 QoS Profile QoS Profile QoS Class QoS Profile IP/ / IP/ / QoS Profile QoS Profile Class
qos-profile qos-profile-name
qos-profile-name QoS Profile QoS Profile

QoS Profile Class
no qos-profile
QoS Profile QoS Profile QoS IP QoS Profile QoS Profile QoS IP QoS Profile QoS Profile 16 Class IP QoS Profile QoS Profile QoS Profile 16 Class Class QoS Profile bandwidth priority QoS QoS IP QoS QoS QoS Profile
shaping-for-egress
QoS Profile
no shaping-for-egress
Class QoS Profile Class QoS Profile Class QoS Profile Class
disable
QoS Profile Class
no disable
Class QoS Profile QoS Profile Class
no class class-name
QoS Profile QoS QoS Profile
qos-profile [1st-level 2nd-level] {input output} qos-profile-name
1st-level 2nd-level QoS 1st-level 2nd-level
input output QoS Profile input output
qos-profile-name QoS Profile
no qos-profile [1st-level 2nd-level] {input output}
QoS Profile

IP QoS Profile QoS Profile QoS QoS show QoS QoS
show qos interface interface-name [1st-level-input 1st-level-output 2nd-level-input 2nd-level-output] [detail]
interface-name
1st-level-input QoS
1st-level-output - QoS
2nd-level-input QoS
2nd-level-output - QoS
detail QoS QoS Profile QoS show QoS Profile
show qos-profile [qos-profile-name]
qos-profile-name QoS Profile QoS Profile QoS IP QoS QoS IP IP Hillstone QoS IP QoS StoneOS QoS Class QoS QoS Class QoS QoS QoS Class QoS Class QoS QoS 75 85 QoS 75% 85% QoS

QoS QoS
flex-qos low-water-mark value high-water-mark value
low-water-mark value 50 80 75
high-water-mark value 81 90 85
no flex-qos
QoS QoS
flex-qos-up-rate rate
rate / *IP 1 1 16 no
no flex-qos-up-rate
Class QoS QoS Class QoS Class QoS QoS Profile Class
flex-qos
no flex-qos
Class QoS Class IP QoS Profile Class
flex-qos max-bandwidth bandwidth
bandwidth kbps IP 100 64 1000000 QoS Profile Class no
no flex-qos max-bandwidth
Hillstone QoS IP QoS QoS IP QoS IP IP QoS QoS QoS QoS QoS IP

QoS VoIP P2P QoS QoS IP QoS 14 QoS 1 2 3 4 QoS 5 6 & 7 IP QoS 1 8 IP QoS 2 9 IP QoS VR 10 IP QoS 11 QoS 12 QoS Profile 13 QoS 14
1 Profile1 QoS Profile Class class1 class2 HTTP class2 QoS 2 class1 class2
class-map class1
hostname(config-class-map)# match application http
class-map class2
hostname(config-class-map)# match policy-qos-tag 2
Profile1
qos-profile profile1

hostname(config-qos-profile)# class class1
hostname(config-qos-prof-cmap)# set dscp 20
hostname(config-qos-prof-cmap)# match-priority 1
hostname(config-qos-profile)# class class2
hostname(config-qos-prof-cmap)# set dscp 35
hostname(config-qos-prof-cmap)# match-priority 15
hostname(config-qos-profile)# exit
Profile1 ethernet0/3
interface ethernet0/3
hostname(config-if-eth0/3)# qos-profile input profile1
hostname(config-if-eth0/3)# exit
ethernet0/3 Hillstone HTTP Policy QoS 2 DSCP 20 35 class1 class2 class1
2 QoS Profile HTTP DSCP af11 QoS 1 P2P Profile QoS cs7 FTP ef RFC af11 cs7 ef 3 DSCP http ftp trash class
class-map http
hostname(config-class-map)# match application http
class-map ftp
hostname(config-class-map)# match application ftp
class-map trash
hostname(config-class-map)# match policy-qos-tag 1
QoS Profile
qos-profile classification
hostname(config-qos-profile)# class http
hostname(config-qos-prof-cmap)# set dscp af11

hostname(config-qos-profile)# class ftp
hostname(config-qos-prof-cmap)# set dscp ef
hostname(config-qos-profile)# class trash
hostname(config-qos-prof-cmap)# set dscp cs7
hostname(config-qos-profile)# exit
QoS Profile ethernet0/0 ethernet0/0 QoS Profile
interface ethernet0/0
hostname(config-if-eth0/0)# qos-profile input classification
hostname(config-if-eth0/0)# exit
3 HTTP 12.8M P2P 6.4M 2 HTTP af11 P2P cs7 2 af11 cs7 class
class-map af11
hostname(config-class-map)# match dscp af11
class-map cs7
hostname(config-class-map)# match dscp cs7
QoS Profile HTTP P2P
qos-profile control
hostname(config-qos-profile)# class af11
hostname(config-qos-prof-cmap)# shape 12800
hostname(config-qos-profile)# class cs7
hostname(config-qos-prof-cmap)# police 6400 8000 8000 conform-action transmit exceed-action drop
hostname(config-qos-profile)# exit
QoS Profile ethernet0/1 ethernet0/1 HTTP P2P QoS Profile
interface ethernet0/1

hostname(config-if-eth0/1)# qos-profile output control
hostname(config-if-eth0/1)# exit
4 QoS QoS P2P P2P 1M ethernet0/0 2 P2P cs7 2 cs7 class
class-map cs7
hostname(config-class-map)# match dscp cs7
p2p profile cs7 P2P 1M
qos-profile p2p
hostname(config-qos-profile)# class cs7
hostname(config-qos-prof-cmap)# police 1000 conform-action transmit exceed-action drop
hostname(config-qos-profile)# exit
QoS Profile ethernet0/0 ethernet0/0 P2P
interface ethernet0/0
hostname(config-if-eth0/0)# qos-profile output p2p
hostname(config-if-eth0/0)# exit
5 CBWFQ QoS Profile class 2 HTTP af11 P2P cs7 2 af11 cs7 class
class-map af11
hostname(config-class-map)# match dscp af11
class-map cs7
hostname(config-class-map)# match dscp cs7

qos-profile1 QoS Profile af11 cs7 class
qos-profile qos-profile1
hostname(config-qos-profile)# class af11
hostname(config-qos-prof-cmap)# bandwidth 5000
hostname(config-qos-profile)# class cs7
hostname(config-qos-prof-cmap)# bandwidth 2500
hostname(config-qos-profile)# exit
ethernet0/2 policy1 ethernet0/2
interface ethernet0/2
hostname(config-if-eth0/2)# bandwidth upstream 10000000
hostname(config-if-eth0/2)# qos-profile output qos-profile1
hostname(config-if-eth0/2)# exit
ethernet0/2 10M class-default 2.5M 10-5-2.5 class-default CBWFQ class1 20M class2 15M class-default class-default 2.5M class1 class2
6 & LLQ 3M HTTP 4M P2P 6.4M P2P 2 ef HTTP af11 P2P cs7 2 af11 cs7 ef class
class-map ef
hostname(config-class-map)# match dscp ef
class-map af11
hostname(config-class-map)# match dscp af11
class-map cs7
hostname(config-class-map)# match dscp cs7

llq QoS Profile ef af11 cs7 class
qos-profile llq
hostname(config-qos-profile)# class ef
hostname(config-qos-prof-cmap)# priority 3000
hostname(config-qos-profile)# class af11
hostname(config-qos-prof-cmap)# bandwidth 4000
hostname(config-qos-prof-cmap)# random-detect
hostname(config-qos-profile)# class cs7
hostname(config-qos-prof-cmap)# police 6400 8000 8000 conform-action transmit exceed-action drop
hostname(config-qos-profile)# class class-default
hostname(config-qos-prof-cmap)# random-detect
hostname(config-qos-profile)# exit
ethernet0/3 QoS Profile ethernet0/3 ethernet0/3
interface ethernet0/3
hostname(config-if-eth0/3)# bandwidth upstream 10000000
hostname(config-if-eth0/3)# qos-profile output llq
hostname(config-if-eth0/3)# exit
ethernet0/3 10M class cs7 class-default 3M 10-3-4 class-default class cf11 7M 5+2 class ef 3M
7 IP QoS 1 IP QoS Class ip-range1 IP 2M Class ip-range2 IP 10M class
class-map ip-range1
hostname(config-class-map)# match ip-range 2.2.0.0 2.2.10.255
class-map ip-range2
hostname(config-class-map)# match ip-range 192.168.100.200 192.168.100.200

QoS Profile
qos-profile profile1
hostname(config-qos-profile)# class ip-range1
hostname(config-qos-prof-cmap)# ip-qos per-ip max-bandwidth 2000
hostname(config-qos-profile)# class ip-range2
hostname(config-qos-prof-cmap)# match-priority 3
hostname(config-qos-prof-cmap)# ip-qos shared-bandwidth max-bandwidth 10000
hostname(config-qos-profile)# exit
QoS Profile
interface ethernet0/2
hostname(config-if-eth0/2)# qos-profile input profile1
hostname(config-if-eth0/2)# qos-profile output profile1
hostname(config-if-eth0/2)# exit
8 IP QoS 2 IP QoS class ip-range1 IP 2M IP 800k ethernet0/1 Internet ethernet0/0 IP 1.1.1.1 1.1.1.255 2M IP 800k 1 1 WebUI IP QoS
1. QoS
2. IP QoS
3. <IP QoS> exam_ipqos1 ethernet0/0 IP IP 1.1.1.1 1.1.1.255 IP 800 IP 800

4.
5. IP QoS <IP QoS> exam_ipqos2 ethernet0/1 IP IP 1.1.1.1 1.1.1.255 2000 2000
6.
2 2 IP QoS profile ip-range class
class-map ip-range
hostname(config-class-map)# match ip-range 1.1.1.1 1.1.1.255
ipq-share QoS profile IP 2M
qos-profile ipq-share
hostname(config-qos-profile)# class ip-range
hostname(config-qos-prof-cmap)# ip-qos share max-bandwidth 2000
hostname(config-qos-profile)# exit
ipq-per QoS profile IP 800k
qos-profile ipq-per
hostname(config-qos-profile)# class ip-range
hostname(config-qos-prof-cmap)# ip-qos per-ip max-bandwidth 800
hostname(config-qos-profile)# exit
QoS Profile
interface ethernet0/0
hostname(config-if-eth0/0)# qos-profile input ipq-per
hostname(config-if-eth0/0)# exit
interface ethernet0/1
hostname(config-if-eth0/1)# qos-profile output ipq-share
hostname(config-if-eth0/1)# exit

3
interface ethernet0/0
hostname(config-if-eth0/0)# qos-profile output ipq-share
hostname(config-if-eth0/0)# exit
interface ethernet0/1
hostname(config-if-eth0/1)# qos-profile input ipq-per
hostname(config-if-eth0/1)# exit
3 QoS profile IP QoS profile ip-range class
class-map ip-range
hostname(config-class-map)# match ip-range 1.1.1.1 1.1.1.255
appq QoS profile IP 2M
qos-profile appq
hostname(config-qos-profile)# class ip-range
hostname(config-qos-prof-cmap)# police 2000 conform-action transmit exceed-action drop
hostname(config-qos-profile)# exit
ipq-per QoS profile IP 800k
qos-profile ipq-per
hostname(config-qos-profile)# class ip-range
hostname(config-qos-prof-cmap)# ip-qos per-ip max-bandwidth 800
hostname(config-qos-profile)# exit
QoS Profile
interface ethernet0/0
hostname(config-if-eth0/0)# qos-profile input ipq-per
hostname(config-if-eth0/0)# exit
interface ethernet0/1
hostname(config-if-eth0/1)# qos-profile output appq
hostname(config-if-eth0/1)# exit

interface ethernet0/0
hostname(config-if-eth0/0)# qos-profile output appq
hostname(config-if-eth0/0)# exit
interface ethernet0/1
hostname(config-if-eth0/1)# qos-profile input ipq-per
hostname(config-if-eth0/1)# exit
9 IP QoS VR 200 IP ip-range1 1.1.1.1 1.1.1.10 ip-range2 2.1.1.1 2.1.1.10 ip-range200 200.1.1.1 200.1.1.10 IP QoS IP 1M 4M 10M QoS Profile 64 Class 200 IP VR IP QoS 5 IP QoS VR VR trust-vr VR1 SNAT 200 IP IP ip-range1 ip-range2 ip-range200 IP1 IP2 IP200 200 IP trust-vr IP QoS IP Hillstone VR

hostname# exec vrouter enable
Warning: please reboot the device to make the change validation!
hostname# reboot
System reboot, are you sure? y/[n]: y
VR1
ip vrouter VR1
hostname(config-vrouter)# exit
zone trust
hostname(config-zone-trust)# vrouter VR1
hostname(config-zone-trust)# exit
200 200
address ip-range1
hostname(config-addr)# range 1.1.1.1 1.1.1.10
hostname(config-addr)# exit
address ip-range2
hostname(config-addr)# range 2.1.1.1 2.1.1.10
hostname(config-addr)# exit
address ip-range200
hostname(config-addr)# range 200.1.1.1 200.1.1.10
hostname(config-addr)# exit
200 200 IP
address ip1
hostname(config-addr)# ip 1.1.1.100/32
hostname(config-addr)# exit
address ip2
hostname(config-addr)# ip 2.1.1.100/32
hostname(config-addr)# exit
address ip200
hostname(config-addr)# ip 200.1.1.100/32
hostname(config-addr)# exit
VR1 200 SNAT 200 200 IP
ip vrouter VR1
hostname(config-vrouter)# snatrule id 1 from ip-range1 to any evr trust-vr trans-to ip1
hostname(config-vrouter)# snatrule id 2 from ip-range2 to any evr trust-vr trans-to ip2
hostname(config-vrouter)# snatrule id 200 from ip-range200 to any evr trust-vr trans-to ip200
hostname(config-vrouter)# exit
SNAT 200 IP IP
address 1m
hostname(config-addr)# member ip1
hostname(config-addr)# member ip5
hostname(config-addr)# member ip6
hostname(config-addr)# exit
address 4m
hostname(config-addr)# member ip101
hostname(config-addr)# member ip15
hostname(config-addr)# exit
Class
class-map 1m
hostname(config-class-map)# match address 1m
class-map 4m
hostname(config-class-map)# match address 4m
ipq QoS profile
qos-profile ipq
hostname(config-qos-profile)# class 1m
hostname(config-qos-prof-cmap)# ip-qos per-ip max-bandwidth 1000
hostname(config-qos-profile)# class 4m
hostname(config-qos-prof-cmap)# ip-qos per-ip max-bandwidth 4000
QoS Profile
interface ethernet0/2

hostname(config-if-eth0/2)# qos-profile input ipq
hostname(config-if-eth0/2)# qos-profile output ipq
hostname(config-if-eth0/2)# exit
10 IP QoS ethernet0/0 176.133.13.8 Internet PC1 10.200.2.2 PC2 10.200.1.2 ethernet0/1 10.200.2.1 ethernet0/2 10.200.1.1 Class
class-map http
hostname(config-class-map)# match application http
class-map game
hostname(config-class-map)# match application game_kart
hostname(config-class-map)# match application game_dance
class-map ip-range1
hostname(config-class-map)# match ip-range 10.200.2.2 10.200.2.255
class-map ip-range2
hostname(config-class-map)# match ip-range 10.200.1.2 10.200.1.255
QoS Profile
qos-profile ip-priority-mark
hostname(config-qos-profile)# class game
hostname(config-qos-prof-cmap)# set ip-qos-priority 1
hostname(config-qos-profile)# class http
hostname(config-qos-prof-cmap)# set ip-qos-priority 2
hostname(config-qos-profile)# exit
qos-profile ip-qos
hostname(config-qos-profile)# class ip-range1
hostname(config-qos-prof-cmap)# ip-qos per-ip max-bandwidth 3000
hostname(config-qos-profile)# class ip-range2
hostname(config-qos-prof-cmap)# ip-qos per-ip max-bandwidth 2000
hostname(config-qos-profile)# exit
QoS Profile

interface ethernet0/1
hostname(config-if-eth0/1)# qos-profile input ip-priority-mark
hostname(config-if-eth0/1)# exit
interface ethernet0/2
hostname(config-if-eth0/2)# qos-profile input ip-priority-mark
hostname(config-if-eth0/2)# exit
interface ethernet0/0
hostname(config-if-eth0/0)# qos-profile output ip-qos
hostname(config-if-eth0/0)# exit
11 QoS role1 user11 user12 1M role2 user21 user22 user23 4M class-default 200k
role role1
role role2
aaa-server local type local
hostname(config-aaa-server)# user user11
hostname(config-user)# exit
hostname(config-aaa-server)# user user12
hostname(config-user)# exit
hostname(config-aaa-server)# user user21
hostname(config-user)# exit
hostname(config-aaa-server)# user user22
hostname(config-user)# exit
hostname(config-aaa-server)# user user23
hostname(config-user)# exit
hostname(config-aaa-server)# exit
role-mapping-rule rule1
hostname(config-role-mapping)# match user user11 role role1
hostname(config-role-mapping)# match user user12 role role1
hostname(config-role-mapping)# match user user21 role role2
hostname(config-role-mapping)# match user user22 role role2
hostname(config-role-mapping)# match user user23 role role2
hostname(config-role-mapping)# exit
aaa-server local type local
hostname(config-aaa-server)# role-mapping-rule rule1
hostname(config-aaa-server)# exit
Web SCVPN 802.1X Class

class-map class1
hostname(config-class-map)# match role role1
class-map class2
hostname(config-class-map)# match role role2
QoS Profile
qos-profile role-profile
hostname(config-qos-profile)# class class1
hostname(config-qos-prof-cmap)# role-qos per-user max-bandwidth 1000
hostname(config-qos-profile)# class class2
hostname(config-qos-prof-cmap)# role-qos share max-bandwidth 4000
hostname(config-qos-profile)# class class-default
hostname(config-qos-prof-cmap)# role-qos per-user max-bandwidth 200
hostname(config-qos-profile)# exit
QoS Profile
interface ethernet0/2
hostname(config-if-eth0/2)# qos-profile input role-profile
hostname(config-if-eth0/2)# qos-profile output role-profile
hostname(config-if-eth0/2)# exit
12 QoS Profile 10 QoS Profile HTTP FTP P2P Class QoS Profile 10 Class
application-group p2p
hostname(config-svc-group)# application bt
hostname(config-svc-group)# application emule
hostname(config-svc-group)# application xunlei
hostname(config-svc-group)# application vagaa
hostname(config-svc-group)# application pplive
hostname(config-svc-group)# application kugoo
hostname(config-svc-group)# exit
class-map http
hostname(config-class-map)# match application http

class-map ftp
hostname(config-class-map)# match application ftp
class-map p2p
hostname(config-class-map)# match application p2p
role role1
role role2
role role3
aaa-server local type local
hostname(config-aaa-server)# user user1
hostname(config-user)# exit
hostname(config-aaa-server)# user user2
hostname(config-user)# exit
hostname(config-aaa-server)# user user21
hostname(config-user)# exit
hostname(config-aaa-server)# user user22
hostname(config-user)# exit
hostname(config-aaa-server)# user user23
hostname(config-user)# exit
hostname(config-aaa-server)# exit
role-mapping-rule rule1
hostname(config-role-mapping)# match user user1 role role1
hostname(config-role-mapping)# match user user2 role role1
hostname(config-role-mapping)# match user user21 role role2
hostname(config-role-mapping)# match user user22 role role2
hostname(config-role-mapping)# match user user23 role role3
hostname(config-role-mapping)# exit
aaa-server local type local
hostname(config-aaa-server)# role-mapping-rule rule1
hostname(config-aaa-server)# exit
class-map class1
hostname(config-class-map)# match role role1
class-map class2
hostname(config-class-map)# match role role2
class-map class3
hostname(config-class-map)# match role role3
QoS Profile
qos-profile app-qos
hostname(config-qos-profile)# class http

hostname(config-qos-prof-cmap)# bandwidth percent 40
hostname(config-qos-profile)# class ftp
hostname(config-qos-prof-cmap)# bandwidth percent 20
hostname(config-qos-profile)# class p2p
hostname(config-qos-prof-cmap)# police 32 conform-action transmit exceed-action drop
qos-profile role-profile
hostname(config-qos-profile)# class class1
hostname(config-qos-prof-cmap)# role-qos per-user max-bandwidth 1000
hostname(config-qos-prof-cmap)# qos-profile app-qos
hostname(config-qos-profile)# class class2
hostname(config-qos-prof-cmap)# role-qos share max-bandwidth 4000
hostname(config-qos-prof-cmap)# qos-profile app-qos
hostname(config-qos-profile)# class class3
hostname(config-qos-prof-cmap)# role-qos per-user max-bandwidth 200
hostname(config-qos-profile)# exit

13 QoS QoS 600M 5000 PC QoS 85% 100k P2P 200M P2P P2P BT P2P P2P

6 QoS QoS QoS P2P 200M P2P QoS 16

servgroup p2p
hostname(config-svc-group)# service bt*
hostname(config-svc-group)# service emule*
hostname(config-svc-group)# service xunlei*
hostname(config-svc-group)# service vagaa*
hostname(config-svc-group)# service pplive*
hostname(config-svc-group)# service kugoo*
hostname(config-svc-group)# exit
policy-global
hostname(config-policy)# rule
hostname(config-policy-rule)# src-zone trust
hostname(config-policy-rule)# dst-zone untrust
hostname(config-policy-rule)# action permit
hostname(config-policy-rule)# policy-qos-tag 16
hostname(config-policy-rule)# src-addr any
hostname(config-policy-rule)# dst-addr any
hostname(config-policy-rule)# service p2p
hostname(config-policy-rule)# exit
hostname(config-policy)# rule
hostname(config-policy-rule)# src-zone trust
hostname(config-policy-rule)# dst-zone untrust

hostname(config-policy-rule)# action permit
hostname(config-policy-rule)# src-addr any
hostname(config-policy-rule)# dst-addr any
hostname(config-policy-rule)# service any
hostname(config-policy-rule)# exit
hostname(config-policy)# exit

QoS Profile P2P
class-map match-p2p
hostname(config-class-map)# match policy-qos-tag 16
qos-profile p2p-limit
hostname(config-qos-profile)# class match-p2p
hostname(config-qos-prof-cmap)# police 200000 conform-action transmit exceed-action drop
hostname(config-qos-profile)# exit

P2P QoS Profile
interface ethernet0/0
hostname(config-if-eth0/0)# qos-profile 1st-level input p2p-limit
hostname(config-if-eth0/0)# exit

IP IP QoS HTTP P2P
class-map http
hostname(config-class-map)# match application http
qos-profile ip-priority
hostname(config-qos-profile)# class http
hostname(config-qos-prof-cmap)# set ip-qos-priority 1
hostname(config-qos-profile)# class match-p2p
hostname(config-qos-prof-cmap)# set ip-qos-priority 5
hostname(config-qos-profile)# exit

QoS Profile
interface ethernet0/1
hostname(config-if-eth0/1)# qos-profile 2nd-level input ip-priority
hostname(config-if-eth0/1)# exit
interface ethernet0/2
hostname(config-if-eth0/2)# qos-profile 2nd-level input ip-priority
hostname(config-if-eth0/2)# exit

interface ethernet0/3
hostname(config-if-eth0/3)# qos-profile 2nd-level input ip-priority
hostname(config-if-eth0/3)# exit

IP
class-map ip-range
hostname(config-class-map)# match ip-range 10.200.1.0 10.200.3.255
qos-profile ip-qos-limit
hostname(config-qos-profile)# class ip-range
hostname(config-qos-prof-cmap)# ip-qos per-ip max-bandwidth 100
hostname(config-qos-profile)# exit
interface ethernet0/0
hostname(config-if-eth0/0)# qos-profile 2nd-level output ip-qos-limit
hostname(config-if-eth0/0)# qos-profile 2nd-level input ip-qos-limit
hostname(config-if-eth0/0)# exit

QoS
flex-qos low-water-mark 75 high-water-mark 85

14 QoS 600M QoS 15% 30% 20% P2P 20M 300M Group1 1M Group2 1.5M Group3 2M 15% 30% 20% P2P 10%

7 QoS

interface ethernet0/0
hostname(config-if-eth0/0)# zone untrust
hostname(config-if-eth0/0)# ip address 176.133.13.8/32
hostname(config-if-eth0/0)# exit
interface ethernet0/1
hostname(config-if-eth0/1)# zone trust
hostname(config-if-eth0/1)# ip address 10.200.1.1/24
hostname(config-if-eth0/1)# exit
interface ethernet0/2
hostname(config-if-eth0/2)# zone trust
hostname(config-if-eth0/2)# ip address 10.200.2.1/24
hostname(config-if-eth0/2)# exit
interface ethernet0/3
hostname(config-if-eth0/3)# zone trust
hostname(config-if-eth0/3)# ip address 10.200.3.1/24
hostname(config-if-eth0/3)# exit
zone trust
hostname(config-zone-trust)# application-identify

hostname(config-zone-trust)# exit
aaa-server local
hostname(config-aaa-server)# user user1
hostname(config-user)# password 111111
hostname(config-user)# exit
hostname(config-aaa-server)# user user2
hostname(config-user)# password 222222
hostname(config-user)# exit
hostname(config-aaa-server)# user user3
hostname(config-user)# password 333333
hostname(config-user)# exit
hostname(config-aaa-server)# user-group group1
hostname(config-user-group)# member user user1
hostname(config-user-group)# exit
hostname(config-aaa-server)# user-group group2
hostname(config-user-group)# member user user2
hostname(config-user-group)# exit
hostname(config-aaa-server)# user-group group3
hostname(config-user-group)# member user user3
hostname(config-user-group)# exit
hostname(config-aaa-server)# exit
role role1
role role2
role role3
role-mapping-rule rule1
hostname(config-role-mapping)# match user-group group1 role role1
hostname(config-role-mapping)# match user-group group2 role role2
hostname(config-role-mapping)# match user-group group3 role role3
hostname(config-role-mapping)# exit
aaa-server local
hostname(config-aaa-server)# role-mapping-rule rule1
hostname(config-aaa-server)# exit

NAT
ip vrouter trust-vr
hostname(config-vrouter)# ip route 0.0.0.0 0.0.0.0 176.133.13.1
hostname(config-vrouter)# snatrule from any to 176.133.13.8 trans-to eif-ip mode dynamicport
hostname(config-vrouter)# exit

Web
address authaddr

hostname(config-addr)# ip 10.200.0.0/16
hostname(config-addr)# exit
address group1
hostname(config-addr)# ip 10.200.1.0/24
hostname(config-addr)# exit
address group2
hostname(config-addr)# ip 10.200.2.0/24
hostname(config-addr)# exit
address group3
hostname(config-addr)# ip 10.200.3.0/24
hostname(config-addr)# exit
webauth http set enabled service to HTTP
policy-global
hostname(config-policy)# rule
hostname(config-policy-rule)# src-zone trust
hostname(config-policy-rule)# dst-zone untrust
hostname(config-policy-rule)# src-addr authaddr
hostname(config-policy-rule)# dst-addr any
hostname(config-policy-rule)# service any
hostname(config-policy-rule)# role unknown
hostname(config-policy-rule)# action webauth local
hostname(config-policy-rule)# exit
hostname(config-policy)# rule
hostname(config-policy-rule)# src-zone trust
hostname(config-policy-rule)# dst-zone untrust
hostname(config-policy-rule)# src-addr group1
hostname(config-policy-rule)# dst-addr any
hostname(config-policy-rule)# service any
hostname(config-policy-rule)# role role1
hostname(config-policy-rule)# action permit
hostname(config-policy-rule)# exit
hostname(config-policy)# rule
hostname(config-policy-rule)# src-zone trust
hostname(config-policy-rule)# dst-zone untrust
hostname(config-policy-rule)# src-addr group2
hostname(config-policy-rule)# dst-addr any
hostname(config-policy-rule)# service any
hostname(config-policy-rule)# role role2
hostname(config-policy-rule)# action permit
hostname(config-policy-rule)# exit
hostname(config-policy)# rule
hostname(config-policy-rule)# src-zone trust
hostname(config-policy-rule)# dst-zone untrust
hostname(config-policy-rule)# src-addr group3
hostname(config-policy-rule)# dst-addr any

hostname(config-policy-rule)# service any
hostname(config-policy-rule)# role role3
hostname(config-policy-rule)# action permit
hostname(config-policy-rule)# exit
hostname(config-policy)# exit
schedule working
hostname(config-schedule)# periodic daily 06:00 to 18:00
hostname(config-schedule)# exit
schedule evening
hostname(config-schedule)# periodic daily 18:00 to 21:00
hostname(config-schedule)# exit
schedule night
hostname(config-schedule)# periodic daily 21:00 to 06:00
hostname(config-schedule)# exit

QoS Class POP3
class-map voip
hostname(config-class-map)# match application SIP*
hostname(config-class-map)# match application SIP
class-map critical
hostname(config-class-map)# match application POP3
class-map websurf
hostname(config-class-map)# match application HTTP
class-map p2p
hostname(config-class-map)# match application APP_P2P
hostname(config-class-map)# match application APP_P2P_STREAM
class-map group1
hostname(config-class-map)# match role role1
class-map group2
hostname(config-class-map)# match role role2
class-map group3
hostname(config-class-map)# match role role3

QoS Profile
qos-profile p2p-fine-control

hostname(config-qos-profile)# class group1
hostname(config-qos-prof-cmap)# role-qos share max-bandwidth 8000 schedule working
hostname(config-qos-prof-cmap)# role-qos share max-bandwidth 80000 schedule evening
hostname(config-qos-prof-cmap)# role-qos share max-bandwidth 150000 schedule night
hostname(config-qos-profile)# class group2
hostname(config-qos-prof-cmap)# role-qos share max-bandwidth 8000 schedule working
hostname(config-qos-prof-cmap)# role-qos share max-bandwidth 80000 schedule evening
hostname(config-qos-prof-cmap)# role-qos share max-bandwidth 150000 schedule night
hostname(config-qos-profile)# class group3
hostname(config-qos-prof-cmap)# role-qos share max-bandwidth 8000 schedule working
hostname(config-qos-prof-cmap)# role-qos share max-bandwidth 80000 schedule evening
hostname(config-qos-prof-cmap)# role-qos share max-bandwidth 150000 schedule night
hostname(config-qos-profile)# exit
qos-profile application
hostname(config-qos-profile)# class voip
hostname(config-qos-prof-cmap)# bandwidth percent 15
hostname(config-qos-profile)# class critical
hostname(config-qos-prof-cmap)# bandwidth percent 30
hostname(config-qos-profile)# class websurf
hostname(config-qos-prof-cmap)# bandwidth percent 20
hostname(config-qos-profile)# class p2p
hostname(config-qos-prof-cmap)# shape 20000 schedule working
hostname(config-qos-prof-cmap)# shape 150000 schedule evening
hostname(config-qos-prof-cmap)# shape 300000 schedule night
hostname(config-qos-prof-cmap)# qos-profile p2p-fine-control
hostname(config-qos-profile)# exit

QoS Profile
qos-profile user-app-fine-control

hostname(config-qos-profile)# class voip
hostname(config-qos-prof-cmap)# bandwidth percent 15
hostname(config-qos-profile)# class critical
hostname(config-qos-prof-cmap)# bandwidth percent 30
hostname(config-qos-profile)# class websurf
hostname(config-qos-prof-cmap)# bandwidth percent 20
hostname(config-qos-profile)# class p2p
hostname(config-qos-prof-cmap)# bandwidth percent 10
hostname(config-qos-profile)# exit
qos-profile user-qos
hostname(config-qos-profile)# class group1
hostname(config-qos-prof-cmap)# role-qos per-user max-bandwidth 1000
hostname(config-qos-prof-cmap)# qos-profile user-app-fine-control
hostname(config-qos-profile)# class group2
hostname(config-qos-prof-cmap)# role-qos per-user max-bandwidth 1500
hostname(config-qos-prof-cmap)# qos-profile user-app-fine-control
hostname(config-qos-profile)# class group3
hostname(config-qos-prof-cmap)# role-qos per-user max-bandwidth 2000
hostname(config-qos-prof-cmap)# qos-profile user-app-fine-control
hostname(config-qos-profile)# exit

QoS Profile
zone untrust
hostname(config-zone-untrust)# qos 1st-level output application
hostname(config-zone-untrust)# qos 2nd-level input user-qos
hostname(config-zone-untrust)# qos 2nd-level output user-qos
hostname(config-zone-untrust)# exit
zone trust
hostname(config-zone-trust)# qos 1st-level output application
hostname(config-zone-trust)# exit

Hillstone QoS

4 VoIP priority SNMP bandwidth Telnet Email bandwidth P2P police bandwidth police

2 StoneOS DNAT DNAT StoneOS ISP SmartDNS 0.0.0.0/0 ISP
llb-outbd-prox-detect
no
no llb-outbd-prox-detect
llb outbound proximity-route mask {A.B.C.D num} aging time
mask {A.B.C.D num} Hillstone A.B.C.D num A.B.C.D 255.0.0.0 255.255.255.255 255.255.255.0 num 8 32 24

aging time 1 1440 10
no llb outbound proximity-route
DNS IP ISP IP ISP SmartDNS
1. SmartDNS
2. ISP SmartDNS DNS
3. SmartDNS SmartDNS SmartDNS
llb inbound smartdns {disable enable}
disable SmartDNS
enable SmartDNS
ISP ISP
llb-outbd-prox-route
no ISP
no llb-outbd-prox-route
SmartDNS SmartDNS IP ISP IP SmartDNS SmartDNS

llb inbound smartdns name
name SmartDNS SmartDNS SmartDNS 2500 SmartDNS no SmartDNS
no llb inbound smartdns name
SmartDNS
domain domain-name
domain-name 1 255 SmartDNS 64 SmartDNS no
no domain domain-name
IP ISP IP ISP ISP IP SmartDNS
ip ip-address {[isp isp-name][interface interface-name]}[weight value]
ip-address IP 64 IP
isp isp-name ISP ISP IP ip ip-address isp-name ISP ISP 16 IP
interface interface-name IP ip ip-address 16 IP ISP
weight value IP 1 100 1 SmartDNS IP IP SmartDNS no IP
no ip ip-address
ISP ISP

SmartDNS ISP ISP ISP IP SmartDNS
show llb {outbound inbound}
outbound inbound SmartDNS
show llb inbound smartdns name
name SmartDNS show llb inbound smartdns test test SmartDNS

hostname# show llb inbound smartdns test
domain:domain name; IP: ip address; ISP: isp name; IF: interface;
PROXY: proximity address book status; E: enable; D:disable
TRACK: track object name; W: ip weight; S:ip status;a:active; I: inactive
=========================================================================
-------------------------------------------------------------------------
table name: test SmartDNS
table status: enable SmartDNS
domain count: 1
rule count: 1
domains: www.test.com;
ip addresses:
-------------------------------------------------------------------------
IP        ISP            IF           PROX  TRACK  W   S
1.1.1.1   China-telecom  ethernet0/1  E            1   I
=========================================================================

TRACK S activeinactive

ISP isp isp-name int interface-name interface interface-name UP interface interface-name
show ip route llb-outbd-prox [out-interface interface-name vrouter vrouter-name]
out-interface interface-name
vrouter vrouter-name VRouter
ethernet0/6 ethernet0/7 DNS ISP IP DNS ISP IP 8

ISP ISP
isp-network telecom
hostname(config-isp)# 101.1.1.0/24
hostname(config-isp)# exit
isp-network netcom
hostname(config-isp)# 201.1.1.0/24
hostname(config-isp)# exit

SmartDNS SmartDNS
llb inbound smartdns enable
llb inbound smartdns test
hostname(config-llb-smartdns)# domain www.test.com
hostname(config-llb-smartdns)# ip 100.1.1.2 isp telecom interface ethernet0/0 weight 10
hostname(config-llb-smartdns)# ip 200.1.1.2 isp netcom interface ethernet0/1 weight 10
hostname(config-llb-smartdns)# exit

show
show isp-network all
ISP telecom status: Active
Binding to nexthop: 0
Subnet(IP/Netmask): 1
101.1.1.0/24
ISP netcom status: Active
Binding to nexthop: 0
Subnet(IP/Netmask): 1
201.1.1.0/24

show llb inbound smart test
domain:domain name; IP: ip address; ISP: isp name; IF: interface;
PROXY: proximity address book status; E: enable; D:disable
TRACK: track object name; W: ip weight; S:ip status;a:active; I: inactive
=========================================================================
-------------------------------------------------------------------------
name: test
domain count: 1
rule count: 2
status: enable
domains: www.test.com;
ip addresses:
-------------------------------------------------------------------------
ID  IP         ISP      IF           PROX  TRACK  W   S
1   100.1.1.2  telecom  ethernet0/0  D            10  A
3   200.1.1.2  netcom   ethernet0/1  D            10  A
=========================================================================

PC1 www.test.com IP 100.1.1.2
PC2 www.test.com IP 200.1.1.2

3 Hillstone IP IP IP DoS IM P2P

ad session-limit [id id] {{src-ip address-entry dst-ip address-entry ip address-entry } [application application-name] [service service-name] [role role-name user aaa-server-name user-name user-group aaa-server-name user-group-name]} {session {unlimit max number [per-srcip per-dstip per-ip] per-user} ramp-rate max number} [schedule schedule-name]

id id ID
src-ip address-entry IP address-entry src-ip IP
dst-ip address-entry IP address-entry dst-ip IP
ip address-entry IP address-entry ip IP
service service-name
application application-name
role role-name
user aaa-server-name user-name aaa-server-name AAA user-name
user-group aaa-server-name user-group-name aaa-server-name AAA user -name
session {unlimit max number [per-srcip per-dstip per-ip] per-user} IP unlimit session max number IP per-srcip per-dstip per-ip per-user session max number IP per-srcip per-dstip per-ip per-user src-ip dst-ip ip role src-ip per-srcip
ramp-rate max number IP
schedule schedule-name

no
no ad session-limit id id
id id ID show session-limit ID

show session-limit

clear session-limit id id statistics
id id ID show session-limit