Hi,
I wasn't able to apply the service-policies to the interfaces; I kept getting an error.
Anyway, I solved it like this:
Code:
! In a rate-limit access-group, "permit" selects traffic to be policed;
! "deny" entries are exempt from the limit (they are not dropped).
! ACL 100: traffic entering Vlan100 from its hosts
access-list 100 deny tcp any any eq smtp
access-list 100 deny tcp any any eq 465
access-list 100 deny tcp any any eq 587
access-list 100 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 100 permit ip any any
! ACL 101: traffic leaving Vlan100 toward its hosts
access-list 101 deny tcp any eq www any
access-list 101 deny tcp any eq pop3 any
access-list 101 deny tcp any eq 143 any
access-list 101 deny tcp any eq 443 any
access-list 101 deny tcp any eq 993 any
access-list 101 deny tcp any eq 995 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip any any
!
! 200000 bit/s = 25 KB/s, with 25000-byte normal and maximum burst
interface Vlan100
 rate-limit input access-group 100 200000 25000 25000 conform-action transmit exceed-action drop
 rate-limit output access-group 101 200000 25000 25000 conform-action transmit exceed-action drop
this way I allow unrestricted use:
- from the internet to the VLAN for http/s, pop/s, imap/s, smtp/s
- from the VLAN to the internet for smtp/s
- in/out traffic to the other VLANs
while everything else I cap at 25KB/s
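
Added example (not part of the original post): a small Python evaluator for the two ACLs above, using the rate-limit rule that the first matching entry decides, with "permit" meaning the packet is policed at 25 KB/s and "deny" meaning it is exempt. The function names are hypothetical and the parser covers only the ACL syntax that appears in the post.

```python
import ipaddress

POST_ACLS = """
access-list 100 deny tcp any any eq smtp
access-list 100 deny tcp any any eq 465
access-list 100 deny tcp any any eq 587
access-list 100 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 100 permit ip any any
access-list 101 deny tcp any eq www any
access-list 101 deny tcp any eq pop3 any
access-list 101 deny tcp any eq 143 any
access-list 101 deny tcp any eq 443 any
access-list 101 deny tcp any eq 993 any
access-list 101 deny tcp any eq 995 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip any any
"""
PORTS = {"smtp": 25, "www": 80, "pop3": 110}  # IOS port keywords used in the post

def ip_int(addr):
    return int(ipaddress.ip_address(addr))

def endpoint(tok):
    """Consume 'any' or 'addr wildcard', then an optional 'eq port'."""
    net = None if tok[0] == "any" else (ip_int(tok[0]), ip_int(tok[1]))
    tok = tok[1:] if net is None else tok[2:]
    if tok[:1] != ["eq"]:
        return net, None, tok
    port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
    return net, port, tok[2:]

def parse_acls(text):
    acls = {}
    for f in (line.split() for line in text.strip().splitlines()):
        src, sport, rest = endpoint(f[4:])
        dst, dport, _ = endpoint(rest)
        acls.setdefault(int(f[1]), []).append((f[2], f[3], src, sport, dst, dport))
    return acls

def ip_match(net, addr):  # wildcard bits set to 1 are "don't care"
    return net is None or (ip_int(addr) | net[1]) == (net[0] | net[1])

def car_verdict(acl, proto, src, sport, dst, dport):
    """First match wins: permit = policed by this rate-limit line, deny = exempt."""
    for action, p, s, sp, d, dp in acl:
        if p in ("ip", proto) and sp in (None, sport) and dp in (None, dport) \
                and ip_match(s, src) and ip_match(d, dst):
            return "rate-limited" if action == "permit" else "exempt"
    return "exempt"  # implicit deny: this rate-limit line does not apply
```

With constructed addresses (VLAN host 10.0.100.5, internet host 203.0.113.10), `car_verdict(parse_acls(POST_ACLS)[101], "tcp", "203.0.113.10", 443, "10.0.100.5", 40000)` returns `"exempt"`, while the reverse-direction packets of that same HTTPS session checked against ACL 100 return `"rate-limited"`.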