QoS basics on a Cisco ASA
Posted by qbn on Server Fault
Published on 2009-06-30T03:13:53Z

Could someone briefly explain how to use QoS on a Cisco ASA 5505? I have the basics of policing down, but what about shaping and priorities? Basically what I'm trying to do is carve out some bandwidth for my VPN subnets (in an object-group called priority-traffic).
I've seen this Cisco QoS document; however, configuring shaping and priority-queue doesn't seem to have any effect in my test. A full download of the Linux kernel from kernel.org will boost a ping to a server via VPN sky high. Policing has been successful in passing this test, although it doesn't seem as efficient (I cap non-VPN traffic at 3 of my 4.5 megabits of bandwidth). Am I misunderstanding the results of the test? I think there is some simple concept I'm not grasping here.
EDIT:
Here is my config thus far (I have 4.5 megabits of bandwidth):
access-list priority-traffic extended permit ip object-group priority-traffic any 
access-list priority-traffic extended permit ip any object-group priority-traffic 
access-list priority-traffic extended permit icmp object-group priority-traffic any 
access-list priority-traffic extended permit icmp any object-group priority-traffic 
access-list non-priority-traffic extended deny ip object-group priority-traffic any 
access-list non-priority-traffic extended deny ip any object-group priority-traffic 
access-list non-priority-traffic extended permit ip any any 
priority-queue outside
  queue-limit   440
class-map non-priority-traffic
 match access-list non-priority-traffic
class-map priority-traffic
 match access-list priority-traffic
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
policy-map outbound-qos-policy
 class non-priority-traffic
  police input 2500000
  police output 2500000
 class priority-traffic
  priority
service-policy global_policy global
service-policy outbound-qos-policy interface outside