cisco 2950端口限速

以前端口限速的工作都是由上级部门来做，最近由于分公司自己的内部客户需求，我们要为其提供50M的带宽.为此我们可是煞费苦心作了两天的测试，先来说说我们测试的设备连接情况：思科3560端口0/47(模拟用户)——————思科6509端口0/1、0/2(模拟局端，两条路有上联，热备)测试方法在3560及6509上分别起ftp进行测速重点来了，来说说6509上的命令吧：mls qos aggregate-policer test 50000000 100000 conform-action transmit exceed-action dropmls qosclass-map match-any test_limitematch access-group name test_addr!!policy-map rate-limit-uplinkclass test_limitepolice aggregate testip access-list extended test_addr (因为上下行都引用策略一样因此不单独做acl)permit ip any x.x.x.x 0.0.0.3 (分配给用户的互联网地址段A)permit ip x.x.x.x 0.0.0.3 anypermit ip any x.x.x.x 0.0.0.3 (分配给用户的互联网地址段B)permit ip x.x.x.x 0.0.0.3 anyinter f0/1ip addre x.x.x.x 255.255.255.252service-policy input test_uplink限制上传inter f0/2ip addre x.x.x.x 255.255.255.252service-policy input test_uplink限制上传inter g0/47service-policy input rate-limit-uplink限制下载经过测试，这个方案成功了!!哈哈，庆祝庆祝，有几点需要解释一下，因为35和65只有在input方向才能引用策略，所以同时对上行和下载作限速需要在上联和下载两方向的端口上做其次，我们中间有很多弯路，说来给大家提个醒，开始我们用的测试设备性能很低，所以始终测试不出理想的结果，很泄气，无意中拿了班上最好的一台电脑去测试，结果居然出人意料，后来又找了一台高性能设备进行测试，结果非常理想，在此提醒大家，低性能的设备在测试高带宽的时候要特别注意。

交换机端口限速总结可限速的交换机一般都在三层或者以上的交换机，自2008年之后新出的交换机型号二层设备就可以做到QOS限速，精确度达到1Mbps，例如Cisco2960系列交换机。

在这之后的大多数国内的标准二层交换机都可以做多限速，精确度基本能达到1Mbps，比如中兴的标准二层，H3C的标准二层都可以做到。

老式的CISCO标准二层交换机例如2950类的交换也可以做到限速，但是精确度只能达到10Mbps。

2950G 的交换和2950为EI型的交换没有太大的限速区别，因为限速和IOS有关系，2950系列的交换IOS版本一般都是在9.0左右，最新的2960系列交换机IOS版本在12.2左右，高版本的IOS提供了更强的系统功能。

下面针对一些限速的方法进行总结：PC1接在Cisco3550F0/1上，速率为1M;PC1接在Cisco3550F0/2上，速率为2M;Cisco3550的G0/1为出口。

PC是直接接在三层交换机端口的，意思就是说限制的是三层交换机端口的上下行流量控制，同理，如果三层交换机端口不是接PC，而是一个二层交换机，那么可以对下层的设备进行上联限速。

注:每个接口每个方向只支持一个策略;一个策略可以用于多个接口。

因此所有PC的下载速率的限制都应该定义。

在同一个策略(在本例子当中为policy-map user-down)，而PC不同速率的区分是在Class-map分别定义。

1、在交换机上启动QOSSwitch(config)#mls qos//在交换机上启动QOS2、分别定义PC1(10.10.1.1)和PC2(10.10.2.1)访问控制列表Switch(config)#access-list10permit10.10.1.00.0.0.255//控制pc1上行流量Switch(config)#access-list100permit any10.10.1.00.0.0.255//控制pc1下行流量Switch(config)#access-list11permit10.10.2.00.0.0.255//控制pc2上行流量Switch(config)#access-list111permit any10.10.2.00.0.0.255//控制pc2下行流量3、定义类，并和上面定义的访问控制列表绑定Switch(config)#class-map user1-up//定义PC1上行的类，并绑定访问列表10Switch(config-cmap)#match access-group10Switch(config-cmap)#exitSwitch(config)#class-map user2-upSwitch(config-cmap)#match access-group11//定义PC2上行的类，并绑定访问列表10 Switch(config-cmap)#exitSwitch(config)#class-map user1-downSwitch(config-cmap)#match access-group100//定义PC1下行的类，并绑定访问列表100 Switch(config-cmap)#exitSwitch(config)#class-map user2-downSwitch(config-cmap)#match access-group111//定义PC2下行的类，并绑定访问列表111 Switch(config-cmap)#exit4、定义策略，把上面定义的类绑定到该策略Switch(config)#policy-map user1-up//定义PC1上行的速率为1MSwitch(config-pmap)#class user1-upSwitch(config-pmap-c)#trust dscpSwitch(config-pmap-c)#police10240001024000exceed-action dropSwitch(config)#policy-map user2-up//定义PC2上行的速率为2MSwitch(config-pmap)#class user2-upSwitch(config-pmap-c)#trust dscpSwitch(config)#policy-map user-down//定义PC1下行的速率为1MSwitch(config-pmap)#class user1-downSwitch(config-pmap-c)#trust dscpSwitch(config-pmap-c)#police10240001024000exceed-action dropSwitch(config-pmap-c)#exitSwitch(config-pmap)#class user2-down//定义PC2下行的速率为2MSwitch(config-pmap-c)#trust dscpSwitch(config-pmap-c)#police20480001024000exceed-action dropSwitch(config-pmap-c)#exit5、在接口上运用策略Switch(config)#interface f0/1//进入PC1端口上联交换机端口配置模式Switch(config-if)#service-policy input user1-up//绑定PC1上行策略为user1-upSwitch(config)#interface f0/2//进入PC2端口上联交换机端口配置模式Switch(config-if)#service-policy input user2-up//绑定PC2上行策略为user2-upSwitch(config)#interface g0/1//进入交换机上联千兆端口配置模式Switch(config-if)#service-policy input user-down//绑定交换机上联端口策略为user-down利用三层交换中的strom-control（风暴控制）功能，该功能是基于端口控制单播\多播\组播,可以精确到0.01%，但是一个近似值。

Cisco Catalyst 2950系列交换机概述固定安装的线速快速以太网桌面交换机Cisco Catalyst 2950系列，可以为局域网（LAN）提供极佳的性能和功能。

这些独立的、10/100自适应交换机能够提供增强的服务质量（QoS）和组播管理特性，所有的这些都由易用、基于Web的Cisco集群管理套件（CMS）和集成Cisco IOS软件来进行管理。

带有10/100/1000 BaseT上行链路的Cisco Catalyst 2950 铜线千兆位，可为中等规模的公司和企业分支机构办公室提供理想的解决方案，以使他们能够利用现有的5类铜线从快速以太网升级到更高性能的千兆位以太网主干。

Catalyst 2950系列包括Catalyst 2950T-24、2950-24、2950-12和2950C-24交换机。

Catalyst 2950-24交换机有24个10/100端口；2950-12有12个10/100端口；2950T-24有24个10/100端口和2个固定 10/100/1000 BaseT上行链路端口； 2950C-24有24个10/100端口和2个固定100 BaseFX上行链路端口。

每个交换机占用一个机柜单元（RU），这样它们方便地配置到桌面和安装在配线间内（图1）。

图1 Catalyst 2950系列10/100/1000交换机以线速性能将终端工作站连接到LAN由于Catalyst 2950具备8.8Gbps的交换背板和最大4.4 Gbps的数据吞吐率，所以在它把终端工作站和用户连接到公司的LAN上时可以在各个端口提供线速连接性能。

Catalyst 2950交换机支持性能增强特性，如Fast EtherChannel（快速以太通道）和GigabitEtherChannel（千兆位以太通道）技术，可在Catalyst 2950交换机、路由器和服务器之间提供最大4 Gbps的高性能带宽。

2950目录说明 (1)产品特性 (1)配置端口 (2)配置一组端口 (2)配置二层端口 (4)配置端口速率及双工模式 (4)端口描述 (5)监控及维护端口 (6)监控端口和控制器的状态 (6)刷新、重置端口及计数器 (8)关闭和打开端口 (8)配置VLAN (9)理解VLAN (9)可支持的VLAN (10)配置正常范围的VLAN (10)生成、修改以太网VLAN (11)删除VLAN (12)将端口分配给一个VLAN (13)配置VLAN Trunks (14)使用STP实现负载均衡 (17)配置Cluster (21)说明本手册只包括日常使用的有关命令及特性，其它未涉及的命令及特性请参考英文的详细配置手册。

产品特性2950是只支持二层的交换机支持VLAN∙到250 个VLAN∙支持VLAN ID从1到4094（IEEE 802.1Q 标准）∙支持ISL及IEEE 802.1Q封装安全∙支持IOS标准的密码保护∙支持标准及扩展的访问列表来定义安全策略∙支持基于VLAN的访问列表监视∙交换机LED指示端口状态∙SPAN及远端SPAN (RSPAN) 可以监视任何端口或VLAN的流量∙内置支持四组的RMON监控功能（历史、统计、告警及事件）配置端口配置一组端口命令目的Step 1 configure terminal进入配置状态Step 2 interface range {port-range} 进入组配置状态Step 3 可以使用平时的端口配置命令进行配置Step 4 end退回Step 5 show interfaces[interface-id] 验证配置Step 6 copy running-config保存startup-config当使用interface range命令时有如下的规则:∙有效的组范围:o vlan从1 到4094o fastethernet槽位/{first port} - {last port}, 槽位为0o gigabitethernet槽位/{first port} - {last port},槽位为0o port-channel port-channel-number - port-channel-number, port-channel号从1到64∙端口号之间需要加入空格，如：interface range fastethernet 0/1 – 5是有效的，而interface range fastethernet 0/1-5是无效的.∙interface range命令只能配置已经存在的interface vlan∙所有在同一组的端口必须是相同类别的。

思科路由器限速怎么设置路由器的功能很多，在路由器中，我们可以进行限速的设置。

那么如果是思科路由器具体怎么设置限速呢?下面是学习啦小编给大家整理的一些有关思科路由器限速设置方法，希望对大家有帮助!思科路由器限速设置方法随着我国通信行业的发展，也推动了路由市场的需求量，这里主要针对思科路由器，详细的分析了思科路由器如何限速，大家都知道如果要限制某项服务，就要在路由器上设置A C L(访问控制列表)将该服务所用的端口封掉，从而阻止该服务的正常运行。

对B T软件，我们可以尝试封它的端口。

一般情况下，B T软件使用的是6880-6890端口，在公司的核心思科路由器上使用以下命令将6880-6890端口全部封锁。

限速：a c c e s s-l i s t130r e m a r kb ta c c e s s-l i s t 130 p e r m i t t c p a n y a n y r a n g e 6881 6890a c c e s s-l i s t 130 p e r m i t t c p a n y r a n g e 6881 6890 a n yr a t e-l i m i t i n p u t a c c e s s-g r o u p 130 712000 80008000c o n f o r m-a c t i o n t r a n s m i t e x c e e d-a c t i o n d r o p r a t e-l i m i t o u t p u t a c c e s s-g r o u p 130 712000 8000 8000c o n f o r m-a c t i o n t r a n s m i t e x c e e d-a c t i o n d r o p 禁止下载：a c c e s s-l i s t130d e n y t c p a n y a n y r a n g e6881 6890a c c e s s-l i s t130d e n y t c p a n y r a n g e68816890 a n yi p a c c e s s-g r o u p130i n/o u t不过现在的b t软件，再封锁后会自动改端口，一些软件还是用到8000、8080、2070等端口，限制这些端口这样网络不正常!第二种方法是使用N V A R(N e t w o r k-B a s e d A p p l i c a t i o n R e c o g n i t i o n，网络应用识别)。

Cisco Catalyst 2950系列交换机概述固定安装的线速快速以太网桌面交换机Cisco Catalyst 2950系列，可以为局域网（LAN）提供极佳的性能和功能。

这些独立的、10/100自适应交换机能够提供增强的服务质量（QoS）和组播管理特性，所有的这些都由易用、基于Web的Cisco集群管理套件（CMS）和集成Cisco IOS软件来进行管理。

带有1000 SX上行链路的Cisco Catalyst 2950 光纤千兆位，可为中等规模的公司和企业分支机构办公室提供理想的解决方案，以使他们能够利用现有的5类铜线从快速以太网升级到更高性能的千兆位以太网主干。

以线速性能将终端工作站连接到LAN由于Catalyst 2950具备的交换背板和最大 Gbps的数据吞吐率，所以在它把终端工作站和用户连接到公司的LAN上时可以在各个端口提供线速连接性能。

Catalyst 2950交换机支持性能增强特性，如Fast EtherChannel（快速以太通道）和GigabitEtherChannel（千兆位以太通道）技术，可在Catalyst 2950交换机、路由器和服务器之间提供最大4 Gbps的高性能带宽。

将LAN移植到千兆速度现在，那些还在大楼内使用铜线（5类非屏蔽线）布线的中端市场客户已经具备了把他们LAN升级为千兆位速度的真正合适的解决方案。

Catalyst 2950G-24为远程连接准备了两个光纤模块上行链路插槽，同时还有24个10/100端口。

这样，中等规模的公司就能够把他们的LAN升级到更高性能的千兆位以太网，而每端口的成本增加量并不大。

同新型Catalyst 3550-12T多层千兆位以太网交换机连接时，Catalyst 2950G-24交换机可为那些需要升级快速以太网主干的中等市场客户提供一个集成的光纤千兆位以太网解决方案。

完善的服务质量Catalyst 2950系列能够提供完善的LAN边缘QoS，在业内此类产品中无以匹敌。

公司一个楼层交换机cisco2960的F0/21端口自己down了，一片怨声载道，人生鼎沸，妈了个B的。

通过命令：sh int f0/21 看到如下结果：cisco12#sh int f0/21FastEthernet0/21 is down, line protocol is down (err-disabled)Hardware is Fast Ethernet, address is 0024.1351.2e95 (bia 0024.1351.2e95)MTU 1500 bytes, BW 100000 Kbit, DL Y 100 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)Auto-duplex, Auto-speed, media type is 10/100BaseTXinput flow-control is off, output flow-control is unsupportedARP type: ARPA, ARP Timeout 04:00:00Last input 19:29:25, output 19:29:20, output hang neverLast clearing of "show interface" counters neverInput queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0Queueing strategy: fifoOutput queue: 0/40 (size/max)5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec130997686 packets input, 111565127662 bytes, 0 no bufferReceived 3733082 broadcasts (0 multicasts)0 runts, 0 giants, 0 throttles38 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored0 watchdog, 3191174 multicast, 0 pause input0 input packets with dribble condition detected121355446 packets output, 78684231708 bytes, 0 underruns0 output errors, 0 collisions, 1 interface resets0 babbles, 0 late collision, 0 deferred0 lost carrier, 0 no carrier, 0 PAUSE output0 output buffer failures, 0 output buffers swapped out通过红色部分了解端口处于故障状态，然后通过命令sh logging看看日志，结果如下：cisco12#sh loggingSyslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)Console logging: level debugging, 219 messages logged, xml disabled,filtering disabledMonitor logging: level debugging, 0 messages logged, xml disabled,filtering disabledBuffer logging: level debugging, 219 messages logged, xml disabled,filtering disabledException Logging: size (4096 bytes)Count and timestamp logging messages: disabledFile logging: disabledTrap logging: level informational, 222 message lines loggedLog Buffer (4096 bytes):hernet0/5, changed state to down7w5d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up7w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up7w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down7w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up7w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down7w5d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down7w5d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up7w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up7w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down7w5d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down7w6d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up7w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up7w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down7w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up7w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down7w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up7w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down7w6d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down7w6d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up7w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up8w1d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down8w1d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down8w1d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up8w1d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up8w1d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changedstate to down8w1d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down8w4d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up8w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up8w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down8w4d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down8w5d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up8w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up9w1d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down9w1d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down9w3d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up9w3d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up9w3d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down9w3d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down9w4d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up9w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up9w5d: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on FastEthernet0/21.9w5d: %PM-4-ERR_DISABLE: loopback error detected on Fa0/21, putting Fa0/21 in err-disable state9w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/21, changed state to down9w5d: %LINK-3-UPDOWN: Interface FastEthernet0/21, changed state to down9w6d: %LINK-3-UPDOWN: Interface FastEthernet0/19, changed state to up9w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to up9w6d: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.200.254)9w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to down9w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to up红色部分知道了网络有loopback error detected，日吧。

2950交换机简明配置维护手册目录第1章说明 (3)第2章产品特性 (3)第3章配置端口 (3)3.1配置一组端口 (3)3.2配置二层端口 (5)3.2.1配置端口速率及双工模式 (6)3.2.2端口描述 (7)3.3监控及维护端口 (8)3.3.1监控端口和控制器的状态 (8)3.3.2刷新、重置端口及计数器 (10)3.3.3关闭和打开端口 (10)第4章配置VLAN (11)4.1理解VLAN (11)4.2可支持的VLAN (12)4.3配置正常范围的VLAN (12)4.3.1生成、修改以太网VLAN (13)4.3.2删除VLAN (14)4.3.3将端口分配给一个VLAN (15)4.4配置VLAN Trunks (16)4.4.2使用STP实现负载均衡 (19)第5章配置Cluster (23)第1章说明本手册只包括日常使用的有关命令及特性，其它未涉及的命令及特性请参考英文的详细配置手册。

第2章产品特性2950是只支持二层的交换机支持VLAN•到250 个VLAN•支持VLAN ID从1到4094（IEEE 802.1Q 标准）•支持ISL及IEEE 802.1Q封装安全•支持IOS标准的密码保护•支持标准及扩展的访问列表来定义安全策略•支持基于VLAN的访问列表监视•交换机LED指示端口状态•SPAN及远端SPAN (RSPAN) 可以监视任何端口或VLAN的流量•内置支持四组的RMON监控功能（历史、统计、告警及事件）第3章配置端口3.1 配置一组端口当使用interface range命令时有如下的规则:•有效的组范围:o vlan从1 到4094o fastethernet槽位/{first port} - {last port}, 槽位为0o gigabitethernet槽位/{first port} - {last port},槽位为0o port-channel port-channel-number - port-channel-number, port-channel号从1到64•端口号之间需要加入空格，如：interface range fastethernet 0/1 –5是有效的，而interface range fastethernet 0/1-5是无效的.•interface range命令只能配置已经存在的interface vlan•所有在同一组的端口必须是相同类别的。

配置cisco2950交换机的端口配置一组端口当使用interface range命令时有如下的规则:•有效的组范围:o vlan从1 到4094o fastethernet槽位/{first port} - {last port}, 槽位为0o gigabitethernet槽位/{first port} - {last port},槽位为0o port-channel port-channel-number - port-channel-number, port-channel号从1到64•端口号之间需要加入空格，如：interface range fastethernet 0/1 – 5是有效的，而interface range fastethernet 0/1-5是无效的.•interface range命令只能配置已经存在的interface vlan•所有在同一组的端口必须是相同类别的。

见以下例子:Switch# configure terminalSwitch(config)# interface range fastethernet0/1 - 5Switch(config-if-range)# no shutdownSwitch(config-if-range)#以下的例子显示使用句号来配置不同类型端口的组:Switch# configure terminalSwitch(config)# interface range fastethernet0/1 - 3, gigabitethernet0/1 - 2 Switch(config-if-range)# no shutdownSwitch(config-if-range)#配置二层端口2950的所有端口缺省的端口都是二层口，如果此端口已经配置成三层端口的话，则需要用switchport来使其成为二层端口。

配置端口速率及双工模式可以配置快速以太口的速率为10/100Mbps及千兆以太口的速率为10/100/1000-Mbps; 但对于GBIC端口则不能配置速率及双工模式，有时可以配置nonegotiate,当需要联接不支持自适应的其它千兆端口时Switch# configure terminalSwitch(config)# interface fastethernet0/3Switch(config-if)# speed 10Switch(config-if)# duplex half端口描述Use the no description interface configuration command to delete the description.This example shows how to add a description on Fast Ethernet interface 0/4 and to verify the description:Switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.Switch(config)# interface fastethernet0/4Switch(config-if)# description Connects to MarketingSwitch(config-if)# endSwitch# show interfaces fastethernet0/4 descriptionInterface Status Protocol DescriptionFa0/4 up down Connects to Marketing 监控及维护端口监控端口和控制器的状态主要命令见下表：举例如下:Switch# show interfaces statusSwitch# show interfaces fastethernet 0/1 switchportSwitch# show running-config interface fastethernet0/2刷新、重置端口及计数器Note clear counters 命令只清除用show interface所显示的计数，不影响用snmp得到的计数举例如下：Switch# clear counters fastethernet0/5Clear "show interface" counters on this interface [confirm] ySwitch#*Sep 30 08:42:55: %CLEAR-5-COUNTERS: Clear counter on interface FastEthernet0/5by vty1 (171.69.115.10)可使用clear line命令来清除或重置某一端口或串口，在大部分情况下并不需要这样做: Switch# clear interface fastethernet0/5关闭和打开端口使用no shutdown命令重新打开端口.举例如下:Switch# configure terminalSwitch(config)# interface fastethernet0/5 Switch(config-if)# shutdownSwitch(config-if)#Switch# configure terminalSwitch(config)# interface fastethernet0/5 Switch(config-if)# no shutdownSwitch(config-if)#(完)。

IntroductionThis document addresses the Frequently Asked Questions (FAQs) on the Quality of Service (QoS)features of the Cisco Catalyst 2950 series switches.Q. What is the software version requirement for the QoS features on Catalyst 2950 seriesswitches?A. The 2950 supports egress queuing and scheduling based on IEEE 802.1p class of service (CoS)values with Cisco IOS® Software Release 12.0(5)WC(1) and later. Each port on the switch gets adefault priority value. Frames that are received untagged are assigned this value. For those framesthat are received tagged, the 2950 uses the value in the tag. The 2950 queues frames at the egress port into one of four priority queues. The switch makes the queue assignments on the basis of thepriority or CoS value that is assigned to the frame at ingress. You can configure egress scheduling as either strict priority or weighted round-robin (WRR) scheduling. The Catalyst 2950 series switches run two feature sets of Cisco IOS Software, a standard image (SI) and an enhanced image (EI). Several feature differences exist between the SI version and the EI version. The SI only supports the output scheduling QoS features, whereas the EI adds support for classification, marking, and policing. Refer to the Release Notes for the Catalyst 2955, Catalyst 2950, and Catalyst 2940 Switches, Cisco IOS Release 12.1(22)EA4 for hardware and software compatibility.Q. What QoS features does the 2950 standard image (SI) support?A. The 2950 with the SI supports queuing and scheduling at egress. The 2950 with SI supports ingress classification with use of port trust states in Cisco IOS Software Release 12.1(11)EA1 and later. You can configure the ingress port to trust either class of service (CoS) or differentiated services code point (DSCP), where the default port trust state is untrusted. You can configure egress scheduling as either strict priority scheduling or weighted round-robin (WRR) scheduling.In Cisco IOS Software Releases 12.0, SI only supports configuration on CoS priorities and WRR. In Cisco IOS Software Releases 12.1 and later, SI added these features:∙Classificationo Classification on the basis of Cisco Discovery Protocol (CDP) from a Cisco IPphone∙Output queuing and schedulingo Strict priority schedulingo WRR schedulingQ. What QoS features does the 2950 enhanced image (EI) support?A. The 2950 with the EI supports Layer 2 (L2)–Layer 4 (L4) classification at ingress with use of:∙Port trust states∙QoS access control lists (ACLs)∙Class maps and policy mapsThe 2950 with EI also supports policing and marking at ingress as well as queuing and scheduling at egress. You can configure egress scheduling as either strict priority scheduling or weighted round-robin (WRR) scheduling. Refer to the Release Notes for the Catalyst 2955, Catalyst 2950, and Catalyst 2940 Switches, Cisco IOS Release 12.1(22)EA4 for hardware and software compatibility.In Cisco IOS Software Releases 12.0, EI only supports configuration on class of service (CoS) priorities and WRR. In Cisco IOS Software Releases 12.1, EI added these features:∙Classificationo Classification on the basis of:▪Port trust state▪Access control lists (ACLs)▪Policy maps▪Cisco Discovery Protocol (CDP) from a Cisco IP phoneo Trust of CoS/differentiated services code point (DSCP)o Ports CoS configuration∙Marking∙Policingo Ingress policing∙Configuration of the mapping tableo CoS-to-DSCPo DSCP-to-CoS∙Output queuing and schedulingo Strict priority schedulingo WRR schedulingQ. Do the Catalyst 2950 series switches support rate-limiting or policing on ports or VLANs?A. Catalyst 2950 series switches that run the enhanced image (EI) support ingress policing on physical interfaces only. Policers do not have support on VLAN interfaces. Catalyst 2950 series switches that run the standard image (SI) do not support policing. The minimum release with support is Cisco IOS Software Release 12.1.Q. Can the Catalyst 2950 series switches mark or rewrite IP precedence (type of service [ToS]) bits in an IP packet?A. Yes, the Catalyst 2950 series switches that run the enhanced image (EI) can mark or rewrite ToS bits in the header of an IP version 4 (IPv4) packet. Use a policy map that contains the set ipdscp statement. Or configure a policer to mark down or rewrite the differentiated services code point (DSCP) value on frames that do not conform to the rules in the policer.Note: The Catalyst 2950 only supports ingress policing.Q. Do the Catalyst 2950 series switches provide priority scheduling in the input/ingress port?A. Catalyst 2950 series switches do not provide any ingress scheduling, but they do support egress queuing and scheduling. Use the wrr-queue bandwidth command. The default is to use FIFO.Q. Do the Catalyst 2950 series switches honor the incoming class of service (CoS) values in IEEE 802.1p (dot1p) tags from IP phones?A. The Catalyst 2950 series switches provide QoS-based 802.1p CoS values. In Cisco IOS Software Release 12.0(5)WC1 and later, the 2950 series switches honor the CoS value of an incoming frame by default.Note: For untagged frames that are received on trusted and untrusted ports, QoS assigns the CoS value that the mls qos cos interface configuration command specifies. By default, this value is zero, which is trusted.Q. My server or IP phone/device cannot tag class of service (CoS) values. Can the Catalyst 2950 series switches tag the traffic from the server/device for a specific CoS value?A. Yes, the switch can tag the traffic. But you must configure the port as a trunk port andconfigure mls qos cos value, as well. In this sample configuration, interface FastEthernet 0/1 connects to an IP phone that cannot tag CoS values:interface fastethernet 0/1switchport mode trunkmls qos cos 7For IEEE 802.1Q frames with tag information, the priority value from the header frame is used. For frames that are received on the native VLAN, the default priority of the input port is used.Q. Can I override the incoming class of service (CoS) to a specific CoS value?A. Yes, you can override the CoS. Issue the mls qos cos {default-cos | override} command. The command overrides the previously configured trust state of the incoming packets and applies the default port CoS value to all incoming packets. Cisco IOS Software Release 12.1 and later support this command.Q. What is pass-through mode?A. In pass-through mode, the switch uses the class of service (CoS) value of incoming packets without a modification of the differentiated services code point (DSCP) value. The frame can pass through the switch with both the incoming CoS and DSCP values intact. When you disable pass-through mode and configure the switch port to trust CoS, the DSCP value is derived from the CoS-to-DSCP map. In this case, the DSCP usually changes as a result. In Cisco IOS Software releases earlier than Cisco IOS Software Release 12.1(11)EA1, this derivation of the DSCP value is on by default and you cannot change it. In Cisco IOS Software Release 12.1(11)EA1 and later, you can configure this with the enablement of pass-through mode on the port.Here is a sample configuration:interface fastethernet 0/1switchport mode accessmls qos trust cos pass-through dscpQ. Can I reclassify the class of service (CoS) value of data that are generated from a PC that connects to an IP phone? The IP phone attaches to a Catalyst 2950 series switch.A. Yes, you can reclassify the CoS value of the data. Issue the switchport priority extendcos interface configuration command. The command configures the IP phone to override the priority of the traffic that comes from the PC.Q. What kind of output scheduling do the Catalyst 2950 series switches provide?A. The 2950 series switches support four class of service (CoS) queues for each egress port. For Cisco IOS Software releases earlier than Cisco IOS Software Release 12.1(12c)EA1, there is support for CoS priority queue and weighted round-robin (WRR) scheduling. Here is a sample configuration:wrr-queue cos-map 1 0 1wrr-queue cos-map 2 2 3wrr-queue cos-map 3 4 5wrr-queue cos-map 4 6 7wrr-queue bandwidth 1 2 3 4Note: 1 is the lowest CoS priority queue, and 4 is the highest.In Cisco IOS Software Release 12.1(12c)EA1 and later, there is support for expedite queue and WRR scheduling instead. This scheduling uses one of the four egress queues (queue 4) as an expedite queue. WRR scheduling is performed on the three egress queues that remain. The expedite queue is a strict priority queue. Before the service of the other three queues, this expedite queue always receives service first, until it is empty. For all releases, strict priority scheduling is the default. Here is a sample configuration:wrr-queue cos-map 1 0 1 2 4wrr-queue cos-map 3 3 6 7wrr-queue cos-map 4 5wrr-queue bandwidth 20 1 80 0Note: CoS 5 is mapped to queue 4. Queue 4 is the expedite queue, with bandwidth assigned to 0.Q. Can I use access control lists (ACLs) to define traffic for the application of QoS features?A. Yes, you can use IP standard, IP extended, and Layer 2 (L2) MAC ACLs in order to define a group of packets with the same characteristics. This definition of a group of packets classifies thepackets. However, configuration of a deny action is not supported in QoS ACLs on the switch. Also, if there is a match with a permit action, the switch takes the specified action that relates to QoS and exits the list. If there is no match with all entries in the list, then the QoS processing does not occur on the packet. For all Cisco IOS Software releases, this process has support in enhanced image (EI) only. Cisco IOS Software Release 12.1(11)EA1 and later support the match on the basis of the differentiated services code point (DSCP) value.Q. How do I configure the Catalyst 2950 series switches with voice VLANs for Cisco IP phone connections?A. For Cisco IOS Software Release 12.1(12c)EA1 and later, when you configure the 2950 as an access layer switch for voice, first modify the default class of service (CoS)-to-differentiated services code point (DSCP) mapping table so that:∙CoS 3 maps to DSCP 26∙CoS 4 maps to DSCP 34∙CoS 5 maps to DSCP 46Next, enable voice and data VLANs on the phone port and set the IP phone trust boundary. Issuethe mls qos trust cos command from the IP phone. Finally, modify the CoS-to-egress-queue mapping and enable the expedite queue. With enablement of the expedite queue, voice packets always receive service before all other packets. Here is a sample configuration:c2950(config)# mls qos map cos-dscp 0 8 16 26 34 46 48 56c2950(config)# mls qos bandwidth 10 20 70 0c2950(config)# interface fastethernet 0/1c2950(config-if)# mls qos trust cosc2950(config-if)# switchport voice vlan 100c2950(config-if)# switchport access vlan 10c2950(config-if)# switchport priority extend cos 0Also, the auto-QoS feature has support in Cisco IOS Software Release 12.1(12c)EA1 and later. You can use the auto-QoS feature to simplify the deployment of existing QoS features. Auto-QoS makes assumptions about the network design. As a result, the switch can prioritize different traffic flows and appropriately use the egress queues instead of the default QoS behavior. The switch offers best-effort service to each packet, regardless of the packet contents or size, and sends the packet from a single queue. When you enable auto-QoS, the feature automatically classifies traffic on the basis of traffic type and ingress packet label. The switch uses the classification in order to choose the appropriate egress queue. You use auto-QoS commands in order to identify ports that connect to Cisco IP phones. You can also identify ports that receive trusted VoIP traffic through an uplink. Auto-QoS then performs these functions:∙Detects the presence or absence of IP phones∙Configures QoS classification∙Configures egress queuesQ. How do I verify the QoS configuration on the Catalyst 2950 series switches?A. Use the commands in this table in order to verify your QoS configuration:1 This command is available only on a switch that runs the enhanced image (EI).2 DSCP = differentiated services code point3 CoS = class of service4 WRR = weighted round-robinQ. What is the show command to check on the policer metrics on a Catalyst 2950 series switch?A. On a Catalyst 2950 series switch, there are not any show commands to display the policer conform / exceed / drop rates, or the number of packets matching the ACLs in the policer. As a workaround, measure a single constant bit rate flow with the input rate on the ingress interface and the output rate on the egress interface. Then, verify if the policer did the job as expected.。

Cisco2950交换机安装配置、故障排除手册网络配置 2008-09-12 16:45 阅读121 评论0字号：大大中中小小目录第一部分交换机安装. 21.1 安装前相关考虑. 21.2 在机架上固定交换机. 21.3 安装GBIC模块. 41.4 安装连接线缆. 5第二部分交换机基本配置. 82.1 加电后首次配置. 82.2 通过浏览器配置交换机. 92.3 通过CONSOLE口进入命令行配置. 11第三部分高级配置. 20第四部分安全配置. 22第五部分故障排除. 275.1 检查设备状态指示灯. 275.2 检查配置及相关信息. 295.3 已知的问题及解决方式. 33第六部分常见问题. 35第一部分交换机安装1.1 安装前相关考虑Warning ：To prevent the switch from overheating, do not operate it in anarea that exceeds the maximum recommended ambient temperature of 113\xb0 F (45\xb0 C). To prevent airflow restriction, allow at least 3 inches (7.6 cm) of clearance around the ventilation openings。

Warning：When installing the unit, the ground connection must always bemade first And disconnected last.1.2 在机架上固定交换机l Attaching Brackets (Front Panel Forward)l Attaching Brackets (Rear Panel Forward)l Mounting the Switch in a Rackl Attaching the Optional Cable Guide1.3 安装GBIC模块l Installing a 1000BASE-X GBIC Module in the Switchl Installing a 1000BASE-T GBIC Module in the Switchl Installing a GigaStack GBIC Module in the Switch1.4 安装连接线缆注意：交换机端口速率、双工的设置Ø Let the ports autonegotiate both speed and duplex.Ø Set the port speed and duplex parameters on both ends of the connection.When connecting to workstations, servers, routers, and Cisco IP Phones, connect a straight-through Category 5 cable to an RJ-45 connector on the front panel.When connecting to switches or repeaters, use a crossover Category 5 cable。

cisco交换机限速思科路由器是世界闻名的通讯设备之一了，有不少用户不知道cisco交换机怎么限速?店铺为大家分享了具体操作方法，供大家参考!cisco交换机限速参考以下命令:登录交换机telnet 192.168.145.x4.2启用全局QOSmxxxxx3750(config)#mls qosmxxxxx3750(config)#ip access-list extended acl145-to-134 mxxxxx3750(config-ext-nacl)#permit ip host 192.168.145.12 host 192.168.134.12mxxxxx3750(config)#class-map map145-to-134mxxxxx3750(config-cmap)#match access-group name acl145-to-134mxxxxx3750(config)#policy-map map145-to-134mxxxxx3750(config-pmap)#class map145-to-134mxxxxx3750(config-pmap-c)#trust dscpmxxxxx3750(config-pmap-c)#police 10000000 1000000 exceed-action dropinterface GigabitEthernet1/0/25mxxxx3750(config-if)#service-policy input map145-to-134 25口是光纤口，是2960等二层交换机连3750的trunk口，所以要在此端口作控制4.3应用qos后，情况见下图，从图上的参数看，传输速度为1.13MB 每秒，基本上等于QOS作的10MB每秒的控制。

4.4那，应用QOS后，是不是对192.168.145.12这台电脑访问其它网段产生影响呢，我们再从145.12向其它网段的服务器拷同样的视频，看看效果。

cisco ip限速cisco 怎么设置ip限速?相信学过思科技术的童鞋们都不会陌生，但是相对于新手来说可能就有一点点困难了。

店铺整理了相关资料，供您参考!1、设置ACLaccess-list 102 permit ip host 192.168.10.2 anyaccess-list 102 permit ip any host 192.168.10.2access-list 103 permit ip host 192.168.10.3 anyaccess-list 103 permit ip any host 192.168.10.32、定义类class-map match-all 102match access-group 102class-map match-all 103match access-group 1033、将类加入策略中policy-map xiansuclass 102police 1024000 128000 conform-action transmit exceed-action dropclass 103police 1024000 128000 conform-action transmit exceed-action drop4、将策略加入端口中interface FastEthernet0/0service-policy input xiansutestservice-policy output xiansutest针对某个网段进行限速(限定的是总带宽)(1)设置ACLaccess-list 110 permit ip 192.168.10.0 0.0.0.255 anyaccess-list 102 permit ip any 192.168.10.0 0.0.0.255(2)定义类class-map match-all 110match access-group 110(3)设置策略policy-map xiansu110class 110police 10240000 1280000 conform-action transmit exceed-action drop(4)将策略加入端口interface FastEthernet0/0service-policy input xiansu110service-policy output xiansu110好了，以上就是小编为大家带来的cisco ip 限速设置方法介绍，希望可以帮到大家哦!。

Cisco交换机用QOS技术实现限速Cisco交换机用QOS技术实现限速QOS技术指一个网络能够利用各种基础技术，为指定的网络通信提供更好的服务能力, 是网络的一种安全机制，是用来解决网络延迟和阻塞等问题的一种技术。

下文yjbys店铺为大家分享的是Cisco交换机如何用QOS技术实现限速的`实例，一起来看看吧!一、网络说明PC1接在Cisco3550 F0/1上，速率为1M;PC1接在Cisco3550 F0/2上，速率为2M;Cisco3550的G0/1为出口。

二、详细配置过程注：每个接口每个方向只支持一个策略;一个策略可以用于多个接口。

因此所有PC的下载速率的限制都应该定义在同一个策略(在本例子当中为policy -map user-down)，而PC不同速率的区分是在Class-map分别定义。

1、在交换机上启动QOSSwitch(config)#mls qos //在交换机上启动QOS2、分别定义PC1(10.10.1.1)和PC2(10.10.2.1)访问控制列表Switch(config)#access-list 10 permit 10.10.1.0 0.0.0.255 //控制pc1上行流量Switch(config)#access-list 100 permit any 10.10.1.0 0.0.0.255 //控制pc1下行流量Switch(config)#access-list 11 permit 10.10.2.0 0.0.0.255 //控制pc2上行流量Switch(config)#access-list 111 permit any 10.10.2.0 0.0.0.255 //控制pc2下行流量3、定义类，并和上面定义的访问控制列表绑定Switch(config)# class-map user1-up //定义PC1上行的类，并绑定访问列表10Switch(config-cmap)# match access-group 10Switch(config-cmap)# exitSwitch(config)# class-map user2-upSwitch(config-cmap)# match access-group 11 //定义PC2上行的类，并绑定访问列表10Switch(config-cmap)# exitSwitch(config)# class-map user1-downSwitch(config-cmap)# match access-group 100 //定义PC1下行的类，并绑定访问列表100Switch(config-cmap)# exitSwitch(config)# class-map user2-downSwitch(config-cmap)# match access-group 111 //定义PC2下行的类，并绑定访问列表111Switch(config-cmap)# exit4、定义策略，把上面定义的类绑定到该策略Switch(config)# policy-map user1-up //定义PC1上行的速率为1MSwitch(config-pmap)# class user1-upSwitch(config-pmap-c)# trust dscpSwitch(config-pmap-c)# police 1024000 1024000 exceed-act ion dropSwitch(config)# policy-map user2-up //定义PC2上行的速率为2MSwitch(config-pmap)# class user2-upSwitch(config-pmap-c)# trust dscpSwitch(config-pmap-c)# police 2048000 1024000 exceed-action dropSwitch(config)# policy-map user-downSwitch(config-pmap)# class user1-downSwitch(config-pmap-c)# trust dscpSwitch(config-pmap-c)# police 1024000 1024000 exceed-action dropSwitch(config-pmap-c)# exitSwitch(config-pmap)# class user2-downSwitch(config-pmap-c)# trust dscpSwitch(config-pmap-c)# police 2048000 1024000 exceed-action dropSwitch(config-pmap-c)# exit5、在接口上运用策略Switch(config)# interface f0/1Switch(config-if)# service-policy input user1-upSwitch(config)# interface f0/2Switch(config-if)# service-policy input user2-upSwitch(config)# interface g0/1Switch(config-if)# service-policy input user-down。

2950交换机简明配置维护手册中国思科培训网目录说明 (3)产品特性 (3)配置端口 (4)配置一组端口 (4)配置二层端口 (6)配置端口速率及双工模式 (6)端口描述 (7)监控及维护端口 (8)监控端口和控制器的状态 (8)刷新、重置端口及计数器 (10)关闭和打开端口 (10)配置VLAN (11)理解VLAN (11)可支持的VLAN (12)配置正常范围的VLAN (12)生成、修改以太网VLAN (13)删除VLAN (14)将端口分配给一个VLAN (15)配置VLAN Trunks (16)使用STP实现负载均衡 (19)配置Cluster (23)说明本手册只包括日常使用的有关命令及特性，其它未涉及的命令及特性请参考英文的详细配置手册。

产品特性2950是只支持二层的交换机支持VLAN∙到250 个VLAN∙支持VLAN ID从1到4094（IEEE 802.1Q 标准）∙支持ISL及IEEE 802.1Q封装安全∙支持IOS标准的密码保护∙支持标准及扩展的访问列表来定义安全策略∙支持基于VLAN的访问列表监视∙交换机LED指示端口状态∙SPAN及远端SPAN (RSPAN) 可以监视任何端口或VLAN的流量∙内置支持四组的RMON监控功能（历史、统计、告警及事件）配置端口配置一组端口当使用interface range命令时有如下的规则:∙有效的组范围:o vlan从1 到4094o fastethernet槽位/{first port} - {last port}, 槽位为0o gigabitethernet槽位/{first port} - {last port},槽位为0o port-channel port-channel-number - port-channel-number, port-channel号从1到64∙端口号之间需要加入空格，如：interface range fastethernet 0/1 – 5是有效的，而interface range fastethernet 0/1-5是无效的.(但我在实际操作中并没有加空格，却可以？！)∙interface range命令只能配置已经存在的interface vlan∙所有在同一组的端口必须是相同类别的。