Solved: ASA 5505 QoS Priority Policy not working

Christie Brinker · ‎01-16-2014

Hey all, I fee like I have a fairly simple setup here and I have configured something similar before with no issues. I am not seeing any traffic in my priority queue no matter what I have tried.

Cisco ASA 5505, have an in house phone server in the DMZ and trying to run QoS. Using Cisco SPA504G phones and Catalyst 2950-2960 switches.

Here's my QoS entries for the ASA:

class-map VOIP-TRAFFIC

match dscp ef

policy-map PRIORITY-POLICY

class VOIP-TRAFFIC

priority

policy-map QOS-TRAFFIC-OUT

class class-default

shape average 10000000

service-policy PRIORITY-POLICY

service-policy QOS-TRAFFIC-OUT interface outside

RTR(config)# sh service-policy

Interface outside:
Service-policy: QOS-TRAFFIC-OUT
Class-map: class-default

shape (average) cir 10000000, bc 40000

(pkts output/bytes output) 579534515/699320949540
(total drops/no-buffer drops) 11523/0

Service-policy: PRIORITY-POLICY
Class-map: VOIP-TRAFFIC

priority

          Queueing
          queue limit 166 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0

Class-map: class-default

          Default Queueing
          queue limit 166 packets
          (queue depth/total drops/no-buffer drops) 0/11523/0
          (pkts output/bytes output) 579749473/699539945551

prateeve · ‎01-16-2014

Hi,

Then you have to configure the following:

priority-queue outside

policy-map PRIORITY-POLICY

no class VOIP-TRAFFIC

access-list VOIP permit ip (source ip-real ip) any(destination ip if you know that)

access-list VOIP permit ip any(destination ip if you know that) (source ip-real ip)

access-list VOIP permit ip any(destination ip if you know that) (public ip which the traffic is natted to)

access-list VOIP permit ip (public ip which the traffic is natted to) any(destination ip if you know that)

class-map VOIP-TRAFFIC

no match dscp ef

match access-list VOIP

exit

policy-map PRIORITY-POLICY

class VOIP-TRAFFIC

priority

exit

policy-map QOS-TRAFFIC-OUT

class class-default

shape average 10000000

service-policy PRIORITY-POLICY

service-policy QOS-TRAFFIC-OUT interface outside

- Prateek Verma

View solution in original post

prateeve · ‎01-16-2014

Hi,

Is this traffic going over vpn tunnel or is it normal traffic going through firewall?

- Prateek Verma

Christie Brinker · ‎01-16-2014

Normal traffic.

prateeve · ‎01-16-2014

Hi,

Then you have to configure the following:

priority-queue outside

policy-map PRIORITY-POLICY

no class VOIP-TRAFFIC

access-list VOIP permit ip (source ip-real ip) any(destination ip if you know that)

access-list VOIP permit ip any(destination ip if you know that) (source ip-real ip)

access-list VOIP permit ip any(destination ip if you know that) (public ip which the traffic is natted to)

access-list VOIP permit ip (public ip which the traffic is natted to) any(destination ip if you know that)

class-map VOIP-TRAFFIC

no match dscp ef

match access-list VOIP

exit

policy-map PRIORITY-POLICY

class VOIP-TRAFFIC

priority

exit

policy-map QOS-TRAFFIC-OUT

class class-default

shape average 10000000

service-policy PRIORITY-POLICY

service-policy QOS-TRAFFIC-OUT interface outside

- Prateek Verma

Christie Brinker · ‎01-16-2014

Just tried it and I now see the numbers increasing in my service-policy. THANK YOU!

This might actually work better for me, I do have remote extensions that communicate to my internal PBX, so I would assume this would allow their traffic going out into the priority as well.