
Any way to match HTTPS in a QoS ACL?

tmoffett
Cisco Employee

We are looking to prioritize HTTPS over HTTP in our network. Is there any way to identify HTTPS with or without NBAR?

Thanks!

Tim Moffett

1 Reply

If the website you are accessing uses the standard HTTPS TCP port number, then yes.

Client to Website

source TCP port 1023-65535 destination TCP port 443

Website to Client

source TCP port 443 destination TCP port 1023-65535

CatOS

set qos acl HTTPS dscp xx tcp any range 1023-65535 any 443

set qos acl HTTPS dscp xx tcp any 443 any range 1023-65535

IOS

ip access-list extended HTTPS-ACL
 permit tcp any range 1023-65535 any eq 443
 permit tcp any eq 443 any range 1023-65535
!
class-map match-any HTTPS-Class
 match access-group name HTTPS-ACL
!
! marking (set dscp) is a policy-map class action, not a class-map command
policy-map HTTPS-Policy
 class HTTPS-Class
  set dscp xx
  bandwidth xxx

Certain switch/router IOS commands may be different, but that's the general idea.

Andy
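
The following is an added example, not part of the reply above: a small Python model of the two HTTPS-ACL entries, run over constructed sample flows, to show what a port-based match does and does not classify as HTTPS. The flow labels, port numbers in the samples, and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Ace:
    """One 'permit tcp any <src ports> any <dst ports>' entry (ranges inclusive)."""
    src: Tuple[int, int]
    dst: Tuple[int, int]

    def matches(self, proto: str, sport: int, dport: int) -> bool:
        return (proto == "tcp"
                and self.src[0] <= sport <= self.src[1]
                and self.dst[0] <= dport <= self.dst[1])


# The two entries of HTTPS-ACL from the reply above.
HTTPS_ACL = [
    Ace(src=(1023, 65535), dst=(443, 443)),   # client -> website
    Ace(src=(443, 443), dst=(1023, 65535)),   # website -> client
]


def classify(proto, sport, dport, acl=HTTPS_ACL):
    """First matching permit puts the packet in HTTPS-Class; anything else
    hits the ACL's implicit deny and lands in class-default."""
    for ace in acl:
        if ace.matches(proto, sport, dport):
            return "HTTPS-Class"
    return "class-default"


# Constructed sample flows: (label, protocol, source port, destination port).
SAMPLE_FLOWS = [
    ("HTTPS request", "tcp", 51514, 443),
    ("HTTPS response", "tcp", 443, 51514),
    ("HTTP request", "tcp", 51515, 80),
    ("HTTPS on alternate port", "tcp", 51516, 8443),  # missed by a port match
    ("other TCP service on 443", "tcp", 40000, 443),  # matched, port only
    ("HTTP/3 over QUIC", "udp", 51517, 443),          # UDP, ACL is TCP only
]


def classify_all(flows=SAMPLE_FLOWS):
    return {label: classify(p, s, d) for label, p, s, d in flows}


if __name__ == "__main__":
    for label, cls in classify_all().items():
        print(f"{label:26} -> {cls}")
```

The ACL keys on port numbers alone, so it is only as accurate as the assumption that HTTPS runs on TCP 443 and nothing else does.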