#
acl advanced 3000
 rule 0 deny ip source 192.168.5.100 0 destination 192.168.7.3 0
 rule 5 deny tcp destination-port eq www
 rule 10 deny tcp source 192.168.7.4 0 destination-port eq www
#

#
acl advanced 3000
 rule 10 deny tcp source 192.168.7.4 0 destination-port eq 443 禁止上网
#

rule 0 deny tcp source 192.168.30.100 0 destination-port eq 443


*******************Qos限速*******************************************
#
acl advanced 3000
 rule 10 deny tcp source 192.168.7.4 0 destination-port eq www   ACL
#

[三层核心S5560]traffic classifier hao0564

[三层核心S5560-classifier-hao0564]if
[三层核心S5560-classifier-hao0564]if-match ac
[三层核心S5560-classifier-hao0564]if-match acl 3000 流分类
[三层核心S5560-classifier-hao0564]qu

[三层核心S5560]tra
[三层核心S5560]traffic be
[三层核心S5560]traffic behavior hao_http 创建流行为
[三层核心S5560-behavior-hao_http]

[三层核心S5560-behavior-hao_http]car cir 1024  限速
[三层核心S5560-behavior-hao_http]

qos policy hao_http
[三层核心S5560]qos policy hao_http

[三层核心S5560-qospolicy-hao_http]classifier hao0564 behavior hao_http 流分类和流行为进行绑定
[三层核心S5560-qospolicy-hao_http]

[三层核心S5560-GigabitEthernet1/0/1]qos apply policy hao_http in 在接口上进行应用
[三层核心S5560-GigabitEthernet1/0/1]qos apply policy hao_http inbound 

控制平面设置
[三层核心S5560-classifier-icmp]if-match con
[三层核心S5560-classifier-icmp]if-match control-plane p
[三层核心S5560-classifier-icmp]if-match control-plane protocol

[三层核心S5560-classifier-icmp]if-match control-plane protocol icmp

[三层核心S5560]traffic be
[三层核心S5560]traffic behavior ?
  STRING<1-31>  Name of behavior

[三层核心S5560]traffic behavior icmp
[三层核心S5560-behavior-icmp]ca
[三层核心S5560-behavior-icmp]car c
[三层核心S5560-behavior-icmp]car cir 1024
在Qos里把流策略匹配流行为
[三层核心S5560]qos policy icmp
[三层核心S5560-qospolicy-icmp]cla
[三层核心S5560-qospolicy-icmp]classifier icmp be
[三层核心S5560-qospolicy-icmp]classifier icmp behavior icmp

最后在控制平面上应用策略
[三层核心S5560]control-plane slot 1
[三层核心S5560-cp-slot1]dis th
#
control-plane slot 1
#
return
[三层核心S5560-cp-slot1]