LAB CẤU HÌNH GIỚI HẠN TRAFFIC CỦA USER RA INTERNET

interface Ethernet0/0 ##Cổng trunk lên router

 switchport trunk encapsulation dot1q

 switchport mode trunk

 switchport trunk allowed vlan 100,200

!

interface Ethernet0/1

 switchport access vlan 100

 switchport mode access

!

interface Ethernet0/2

 switchport access vlan 200

 switchport mode access       

interface Ethernet0/1.100

 encapsulation dot1Q 100

 ip address 192.168.1.1 255.255.255.0

 ip nat inside

!

interface Ethernet0/1.200

 encapsulation dot1Q 200

 ip address 192.168.2.1 255.255.255.0

 ip nat inside

!

access-list 1 permit 192.168.0.0 0.0.255.255 ## ACL để NAT ra internet

ip nat inside source list 1 interface Ethernet0/0 overload

!

interface Ethernet0/0 ##Nối ra cloud

 ip address dhcp ##ăn theo IP của card VMNET8 cấp dhcp

 ip nat outside

access-list 100 permit tcp any 192.168.1.0 0.0.0.255

access-list 101 permit tcp any 192.168.2.0 0.0.0.255

!##GIỚI HẠN DOWNLOAD#######

class-map user

 match access-group 101

!

class-map admin

 match access-group 100

!

policy-map limit_download

 class admin

  police cir 5000000 ##5 triệu bit/s là 5Mbps

   conform-action transmit

   exceed-action drop

!

 class user

  police cir 2000000

   conform-action transmit

   exceed-action drop

!

interface Ethernet0/1.100 ##áp vào chiều out

service-policy output limit_download

!

interface Ethernet0/1.200

service-policy output limit_download

!##GIỚI HẠN UPLOAD#######

access-list 102 permit tcp 192.168.1.0 0.0.0.255 any

access-list 103 permit tcp 192.168.2.0 0.0.0.255 any

!

class-map user_upload

 match access-group 103

!

class-map admin_upload

 match access-group 102

!

policy-map limit_upload

 class admin_upload

  police cir 5000000

   conform-action transmit

   exceed-action drop

!

 class user_upload

  police cir 3000000

   conform-action transmit

   exceed-action drop

!

 interface Ethernet0/1.100##áp vào chiều in

service-policy input limit_upload

!

interface Ethernet0/1.200

service-policy input limit_upload