Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
488
Views
0
Helpful
2
Replies

PIX QOS

alraycisco
Level 1
Level 1

‎10-16-2008 12:40 AM - edited ‎03-11-2019 06:58 AM

Hi,

I am looking to configure QOS on my PIX running version 8.03 of the PIX software.

I would like to give priority to VPN tunnel traffic as well as certain other designated traffic, based on an acl. Ideally, I wouldn't want to police all other traffic by rate-limiting it.

My current config looks like this:

access-list acl_priority permit ip host external_ip any

class-map priority_traffic

match access-list acl_priority

class-map vpn_traffic

match tunnel-group x.x.x.x

policy-map priority_traffic

class priority_traffic

priority

class vpn_traffic

priority

service-policy priority_traffic interface outside

The thing I am unsure about is do I need to apply rate limiting (policing) under the default class or can I just leave it like this? Does the priority queue take as much bandwidth as it needs to? Also, with the above config, is traffic policed in the outbound direction only?

What I am hoping to acheive is, if the WAN connection is being hammered by large downloads, I would want the priority traffic to take precedence.

Thanks

Labels:
0 Helpful
2 Replies 2

Marwan ALshawi
VIP Alumni
VIP Alumni

‎10-16-2008 05:18 AM

first u need to enable the Priority queues on the physical interface with the command

priority-queue if_name

Priority queues are supported only on physical interfaces that have been configured with the

nameif command. Trunk interfaces and other logical interfaces are not permitted to have a

priority queue. Also, priority queues are not supported in multiple-security context mode

As soon as the priority queue is enabled for the first time, the queue limit is set to a

calculated default value. The limit is the number of 256-byte packets that can be transmitted

on the interface over a 500-ms period. Naturally, the default value varies according to the

interface speed, but it always has a maximum value of 2048 packets

Packets in the priority queue are serviced and sent out before any packets from

the normal queue. Therefore, the priority queue is not affected by the volume or types of traffic

contained in the normal queue. The priority queue can be used to provide premium service to

delay- and jitter-intolerant applications such as streaming video and voice

good luck

if helpful Rate

0 Helpful

alraycisco
Level 1
Level 1
In response to Marwan ALshawi

‎10-16-2008 07:39 AM

Hi,

Thanks for the reply.

Sorry I forgot to add that I'd enabled the priority queue on the interface.

The traffic I'm wanting to give priority to isn't delay and jitter intolerant, it's just traffic that I don't want to be affected by other internet traffic.

So with the example of the ACL, would the traffic that is natted to that public IP receive priority over all other internet traffic? How are uploads affected vs downloads?

Your help is much appreciated.

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card