QoS Implementation

I have the specified policy map applied on my 2811 router. According to the specified configurations, the HTTP, SFTP and FTP traffic should be restricted, but it isn't. Please review the specified configs and let me know if I am missing anything.

class-map match-any MY_FTP
 match protocol ftp
 match protocol secure-ftp
 match access-group name SFTP
class-map match-all BUSINESS_HOURS_FTP
 match class-map MY_FTP
 match access-group name Business_Hours
class-map match-all BUSINESS_HOURS_HTTPS
 match protocol secure-http
 match access-group name Business_Hours
class-map match-all AFTER_HOURS_FTP
 match class-map MY_FTP
 match not access-group name Business_Hours
class-map match-all AFTER_HOURS_HTTPS
 match protocol secure-http
 match not access-group name Business_Hours

policy-map CHILD
 class BUSINESS_HOURS_FTP
  police 4000000 conform-action transmit exceed-action transmit violate-action drop
 class BUSINESS_HOURS_HTTPS
  police 3000000 conform-action transmit exceed-action transmit violate-action drop
 class AFTER_HOURS_FTP
  police 9000000 conform-action transmit exceed-action transmit violate-action drop
 class AFTER_HOURS_HTTPS
  police 6000000 conform-action transmit exceed-action transmit violate-action drop
 class class-default
  fair-queue

policy-map QOS_OUTPUT
 class class-default
  shape average 20000000
  service-policy CHILD

policy-map QOS_INPUT
 class BUSINESS_HOURS_FTP
  police 4000000 conform-action transmit exceed-action transmit violate-action drop
 class BUSINESS_HOURS_HTTPS
  police 3000000 conform-action transmit exceed-action transmit violate-action drop
 class AFTER_HOURS_FTP
  police 9000000 conform-action transmit exceed-action transmit violate-action drop
 class AFTER_HOURS_HTTPS
  police 6000000 conform-action transmit exceed-action transmit violate-action drop

ip access-list extended Business_Hours
 permit ip any any time-range Business_Hours

ip access-list extended SFTP
 permit tcp any any eq 22
 permit tcp any eq 22 any

time-range Business_Hours
 periodic daily 5:00 to 17:00

interface fastethernet 0/0
 service-policy input QOS_INPUT
 service-policy output QOS_OUTPUT
