cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1232
Views
0
Helpful
4
Replies

ASA 5505 QoS Priority Policy not working

Hey all, I fee like I have a fairly simple setup here and I have configured something similar before with no issues. I am not seeing any traffic in my priority queue no matter what I have tried.


Cisco ASA 5505, have an in house phone server in the DMZ and trying to run QoS. Using Cisco SPA504G phones and Catalyst 2950-2960 switches.

Here's my QoS entries for the ASA:

class-map VOIP-TRAFFIC

match dscp ef

policy-map PRIORITY-POLICY

class VOIP-TRAFFIC

  priority

policy-map QOS-TRAFFIC-OUT

class class-default

  shape average 10000000

  service-policy PRIORITY-POLICY

service-policy QOS-TRAFFIC-OUT interface outside

RTR(config)# sh service-policy

Interface outside:
  Service-policy: QOS-TRAFFIC-OUT
    Class-map: class-default

      shape (average) cir 10000000, bc 40000

      (pkts output/bytes output) 579534515/699320949540
      (total drops/no-buffer drops) 11523/0

      Service-policy: PRIORITY-POLICY
        Class-map: VOIP-TRAFFIC

          priority

          Queueing
          queue limit 166 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0

        Class-map: class-default

          Default Queueing
          queue limit 166 packets
          (queue depth/total drops/no-buffer drops) 0/11523/0
          (pkts output/bytes output) 579749473/699539945551

1 Accepted Solution

Accepted Solutions

Hi,

Then you have to configure the following:

priority-queue outside

policy-map PRIORITY-POLICY

no class VOIP-TRAFFIC

access-list VOIP permit ip (source ip-real ip) any(destination ip if you know that)

access-list VOIP permit ip any(destination ip if you know that) (source ip-real ip)

access-list VOIP permit ip any(destination ip if you know that) (public ip which the traffic is natted to)

access-list VOIP permit ip (public ip which the traffic is natted to) any(destination ip if you know that)

class-map VOIP-TRAFFIC

no match dscp ef

match access-list VOIP

exit

policy-map PRIORITY-POLICY

class VOIP-TRAFFIC

priority

exit

policy-map QOS-TRAFFIC-OUT

class class-default

  shape average 10000000

  service-policy PRIORITY-POLICY

service-policy QOS-TRAFFIC-OUT interface outside

- Prateek Verma

View solution in original post

4 Replies 4

prateeve
Level 1
Level 1

Hi,

Is this traffic going over vpn tunnel or is it normal traffic going through firewall?

- Prateek Verma

Normal traffic.

Hi,

Then you have to configure the following:

priority-queue outside

policy-map PRIORITY-POLICY

no class VOIP-TRAFFIC

access-list VOIP permit ip (source ip-real ip) any(destination ip if you know that)

access-list VOIP permit ip any(destination ip if you know that) (source ip-real ip)

access-list VOIP permit ip any(destination ip if you know that) (public ip which the traffic is natted to)

access-list VOIP permit ip (public ip which the traffic is natted to) any(destination ip if you know that)

class-map VOIP-TRAFFIC

no match dscp ef

match access-list VOIP

exit

policy-map PRIORITY-POLICY

class VOIP-TRAFFIC

priority

exit

policy-map QOS-TRAFFIC-OUT

class class-default

  shape average 10000000

  service-policy PRIORITY-POLICY

service-policy QOS-TRAFFIC-OUT interface outside

- Prateek Verma

Just tried it and I now see the numbers increasing in my service-policy. THANK YOU!

This might actually work better for me, I do have remote extensions that communicate to my internal PBX, so I would assume this would allow their traffic going out into the priority as well.

Review Cisco Networking for a $25 gift card