Do these lines achieve what I think:

Discussion in 'Cisco' started by Didier, Jan 23, 2004.

  1. Didier

    Didier Guest

    Hi,

    I would like to prioritize:
    1) ssh (should have maximum priority, should always be available!!!)
    2) ftp (should have low priority)
    3) www (should have low priority)

    When bandwidth is very low because of high http and/or ftp traffic, I would
    like to always be able to log on "without" bandwidth problems/bottleneck via
    ssh to the server.

    I thought the following would achieve my goal:

    Prioritize lines:
    priority-list 1 protocol ip low tcp www
    priority-list 1 protocol ip low tcp ftp
    priority-list 1 protocol ip high tcp 22

    External interface (Internet) eth0:
    interface Ethernet0
    ip access-group 101 in
    priority-group 1

    the following access-list:
    access-list 101 permit tcp any host 10.0.1.57 eq 22
    access-list 101 permit tcp any host 10.0.1.57 eq www
    access-list 101 permit tcp any host 10.0.1.57 eq ftp
    access-list 101 deny ip any any log-input

    Is this correct?
    Perhaps there is a better solution?

    I would really appreciate any suggestions!!!
    Thanks a lot!!!
     
    Didier, Jan 23, 2004
    #1

  2. Note that 'ftp' in a priority list is the control channel, not the data
    channel. So you probably will want to use 'ftp-data' instead.

    Regards,

    Marco.
     
    M.C. van den Bovenkamp, Jan 23, 2004
    #2

  3. Didier

    Didier Guest

    Hi, thanks!
    The problem is that I use passive ftp, this traffic is being opened and
    closed between ports 60000-65000 and is handled by ip inspect that creates
    temporary access-lists.

    How could I handle this?

    Sorry, but you didn't answer ;-), is it (mostly correct) what I did?
    thx
     
    Didier, Jan 23, 2004
    #3