cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

cisco qos: match protocol ssh does not work - neither with acl

825
Views
0
Helpful
0
Comments

Hello i try to apply this map, it works but i have an issue with ssh traffic that start from the pc inside and goes outside. (Cisco 887VA)

SSH It is not recognized neither by match protocol ssh and neither by the acl match access-group 114

Guys, please what i am doing wrong?

the service policy is setted on atm interface

 

service-policy out QoS-Out-parent-test

----------------------------

class-map match-any ssh-interactive
match access-group 114
class-map match-any Management-1
match protocol dhcp
match protocol dns
match protocol imap
match protocol kerberos
match protocol ldap
match protocol secure-imap
match protocol secure-ldap
match protocol snmp
match protocol socks
match protocol syslog
class-map match-any Signaling-1
match protocol h323
match protocol rtcp
match protocol sip
class-map match-any Voice-1
match protocol rtp audio
match application user-teamviewr_tcp
match application user-teamviewr_udp
match application user-trurconf_tcp
class-map match-any Transactional-1
match protocol citrix
match protocol finger
match protocol notes
match protocol novadigm
match protocol pcanywhere
match protocol secure-telnet
match protocol sqlnet
match protocol sqlserver
match protocol ssh
match protocol telnet
match protocol xwindows
match class-map ssh-interactive
!

policy-map QoS-Out-child-test
class Voice-1
priority percent 30
class Signaling-1
bandwidth percent 10
class Transactional-1
bandwidth percent 10
class Management-1
bandwidth percent 10
class class-default
fair-queue
random-detect
bandwidth percent 30
policy-map QoS-Out-parent-test
class class-default
shape average 935000
service-policy QoS-Out-child-test

 

access-list 114 remark *************************************
access-list 114 remark # SSH QOS
access-list 114 permit tcp any any eq 22
access-list 114 permit tcp any eq 22 any
access-list 114 permit udp any any eq 22
access-list 114 permit udp any eq 22 any
access-list 114 remark *************************************

 

Thak you for your help