QoS basics on a Cisco ASA

Posted by qbn on Server Fault See other posts from Server Fault or by qbn
Published on 2009-06-30T03:13:53Z Indexed on 2010/03/13 10:05 UTC
Read the original article Hit count: 715

Filed under:
|
|

Could someone briefly explain how to use QoS on Cisco ASA 5505? I have the basics of policing down, but what about shaping and priorities? Basically what I'm trying to do is carve out some bandwidth for my VPN subnets (in an object-group called priority-traffic).

I've seen this Cisco QoS document, however configuring shaping and priority-queue don't seem to have any effects in my test. A full download of the linux kernel from kernel.org will boost a ping to a server via VPN sky high. Policing has been successful in passing this test, although it doesn't seem as efficient (I cap non-vpn traffic at 3 of my 4.5 megabits of bandwidth). Am I misunderstanding the results of the test? I think there is some simple concept I'm not grasping here.

EDIT:

Here is my config thus far (I have 4.5 megabits of bandwidth):

access-list priority-traffic extended permit ip object-group priority-traffic any 
access-list priority-traffic extended permit ip any object-group priority-traffic 
access-list priority-traffic extended permit icmp object-group priority-traffic any 
access-list priority-traffic extended permit icmp any object-group priority-traffic 
access-list non-priority-traffic extended deny ip object-group priority-traffic any 
access-list non-priority-traffic extended deny ip any object-group priority-traffic 
access-list non-priority-traffic extended permit ip any any 

priority-queue outside
  queue-limit   440

class-map non-priority-traffic
 match access-list non-priority-traffic
class-map priority-traffic
 match access-list priority-traffic
class-map inspection_default
 match default-inspection-traffic

policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
policy-map outbound-qos-policy
 class non-priority-traffic
  police input 2500000
  police output 2500000
 class priority-traffic
  priority

service-policy global_policy global
service-policy outbound-qos-policy interface outside

© Server Fault or respective owner

Related posts about cisco

Related posts about asa