Throttle Bandwidth Based on the Time of Day

Saw this little goodie over on ciscoblog.com

Step 1: Create an access-list that matches my file server (172.30.100.11), but only during the day.

Router(config)# time-range DAY (creates a new time range)
Router(config-time-range)# periodic weekdays 6:00 to 22:00 (matches weekdays from 6:00am to 10:00pm)
Router(config-time-range)# periodic weekend 6:00 to 22:00 (matches weekends from 6:00am to 10:00pm)
Router(config-time-range)# exit
Router(config)# ip access-list extended SERVER
Router(config-ext-nacl)# permit ip host 172.30.100.11 any time-range DAY (matches my server during the time-range I specified above)
Router(config-ext-nacl)# exit
Router(config)#

Step 2: Create a class-map (used for QoS) that matches the SERVER access-list we just created.

Router(config)# class-map MATCH_SERVER (MATCH_SERVER is just the name)
Router(config-class-map)# match access-group name SERVER (ties in the access-list above)
Router(config-class-map)# exit
Router(config)#

Step 3: Create a policy-map (used for QoS) that throttles the bandwidth.

Router(config)# policy-map LIMIT_SERVER (creates the policy)
Router(config-pmap)# class MATCH_SERVER (applies policy to this class)
Router(config-pmap-c)# police 80000 (limits bandwidth to 80Kbps)
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)#

Step 4: Apply the new policy to the incoming interface (the one connected to my LAN, not the Internet).

Router(config)# interface fa0/0
Router(config-if)# service-policy input LIMIT_SERVER 
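As an added illustration (not from the original post or from ciscoblog.com), this Python model shows what the four steps produce together: the time-range decides whether the ACL entry matches, and the policer drops, rather than queues, whatever exceeds 80000 bps. The 2500-byte burst, the 1000-byte packets and the 06:00 <= t < 22:00 boundary handling are assumptions of the model, not values from the post.

```python
from datetime import datetime, timedelta

CIR_BPS = 80_000            # from the post: police 80000
BURST_BYTES = 2_500         # assumed bucket depth; the post does not set one
DAY_START, DAY_END = 6, 22  # time-range DAY: 6:00 to 22:00, weekdays and weekend

def in_time_range(ts):
    """True while time-range DAY is active (modelled as 06:00 <= t < 22:00)."""
    return DAY_START <= ts.hour < DAY_END

class Policer:
    """Single-rate token bucket: conforming packets pass, the rest are dropped."""

    def __init__(self, cir_bps=CIR_BPS, burst=BURST_BYTES):
        self.rate = cir_bps / 8   # bytes of credit earned per second
        self.burst = burst
        self.tokens = burst       # bucket starts full
        self.last = None

    def offer(self, ts, size):
        if self.last is not None:
            elapsed = (ts - self.last).total_seconds()
            self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = ts
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False              # exceed action: drop, nothing is queued

def delivered_bps(start, seconds, offered_bps, pkt_size=1000):
    """Offer a constant-rate flow from the server; return the rate that gets through."""
    policer = Policer()
    gap = timedelta(seconds=pkt_size * 8 / offered_bps)
    ts, end, passed = start, start + timedelta(seconds=seconds), 0
    while ts < end:
        # Outside the time-range the ACL entry is inactive, so the packet never
        # lands in class MATCH_SERVER and is forwarded without policing.
        if not in_time_range(ts) or policer.offer(ts, pkt_size):
            passed += pkt_size
        ts += gap
    return passed * 8 / seconds

if __name__ == "__main__":
    for label, hour in (("day", 12), ("night", 23)):
        rate = delivered_bps(datetime(2024, 1, 10, hour), 10, 800_000)
        print(f"{label}: offered 800000 bps, delivered {rate:.0f} bps")
```

The daytime figure lands slightly above 80000 bps because the initial full bucket lets a short burst through before the steady rate takes over.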


Cisco - Simple policy to block skype.

Skype can be blocked in much the same way as Kazaa, LimeWire and other P2P applications.

NBAR configuration to drop Skype packets

class-map match-any p2p
match protocol skype

policy-map block-p2p
class p2p
drop

int dialer0
description Internet interface
service-policy input block-p2p

If you are unsure which bandwidth-hungry applications are being used in your organisation, go to the interface connected to the Internet and configure the following command:

ip nbar protocol-discovery

This will enable NBAR discovery on your router.

Then use the following command:

show ip nbar protocol-discovery stats bit-rate top-n 10

It will show you the top 10 bandwidth-consuming applications being used by your users. You can then block or restrict that traffic with an appropriate QoS policy.

We can also use the ip nbar port-map command to look for a protocol or protocol name using a port number or numbers other than the well-known Internet Assigned Numbers Authority (IANA)-assigned port numbers.

You can also create custom definitions using this command.

ip nbar port-map protocol-name [tcp | udp] port-number

Up to 16 ports can be specified with this command. Port number values can range from 0 to 65535.

TPG Cisco PPPoE Config

Had some fun getting a 877 working on TPG today.

TPG require you to use PPPoE and PAP not CHAP for authentication.
Also you are required to use the full tpg username ***@L2TP.tpg.com.au

Relevant parts of the config are below.

interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5snap
protocol pppoe
!
!
interface Dialer0
ip address negotiated
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication pap callin optional
ppp pap sent-username ***@L2TP.tpg.com.au password ***

Cisco - show users and send messages

To list the users logged into a router, issue this command:

show users

The output will show something like:

slappa#show users
    Line       User       Host(s)              Idle       Location
  0 con 0                                             00:00:00
*  2 vty 0     michaelk   idle                 00:00:00 192.168.0.105

The line starting with the asterisk is the session from which you run the command.

Multiple users can be logged into a Cisco router at the same time. It may be necessary (or sometimes just fun) to send a text message to one or all users on a router. For example, if you are preparing to reload the router, admin etiquette dictates that you should warn other users.

To send a message to all users on the current device use the send * command with administrator privileges:

send *
Enter message, end with CTRL/Z; abort with CTRL/C:
The sky is falling, so I’m going to reload the router in 5 minutes.
It’s been nice knowing you.
^Z

Using the show users command, you can get the line number of a specific user. If the user is logged into line 66, use this command to send them a message:

send 66

The command to send a message to the user on the console is:

send console 0