Policing issue on ASA

networker99 · ‎12-29-2011

I have the following class maps

class-map data

match access-list data

class-map voice

match access-list voice

and the following policy-map

policy-map qos

class voice

priority

class data

police output 4500000 conform-action drop

The actual bps for "data" is not being limited unless done in the default-class? (and then it is done for all) Why does the default class always take over when I have a rule specifically defined for a particular type of traffic?

andrew.prince · ‎12-30-2011

have you read the below doc?

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html#wp1071334

Sent from Cisco Technical Support iPad App

networker99 · ‎12-30-2011

Yes, but I cant find an answer to my question

ajay chauhan · ‎12-30-2011

Traffic shaping must be applied to all outgoing traffic on a physical interface or in the case of the ASA 5505, on a VLAN. You cannot configure traffic shaping for specific types of traffic.

For traffic shaping, you can only use the class-default class map, which is automatically created by the ASA, and which matches all traffic.

networker99 · ‎12-30-2011

okay, so how do I stop the traffic from the data vlan choking out the traffic from the voice VLAN when going out the internet interface? I presume my priority statement is still valid?

ajay chauhan · ‎12-30-2011

how about making data traffic part of class default ? and do the shaping .

networker99 · ‎12-30-2011

but wont that effect the voice traffic also? I want voice to have priorty and for teh data to only be able to use a certain % of the bandwidth so it wont choke the voice..

ajay chauhan · ‎12-30-2011

Priority traffic will be served frist.

networker99 · ‎12-30-2011

okay, thanks.. and does my priority policy look okay?

andrew.prince · ‎12-31-2011

You should have read the URL all the way through, as all the answers to the questions you have asked are in the text.