QoS for traffic

jkay18041
Level 3

We've recently set up an RDS environment and would like to do a basic QoS rule to prioritize RDP traffic, but I'm not sure of the best way to do this. We have a 100 Mbps fiber connection (soon to be 250) and our setup is like this: ISP -> WAN router -> WAN switch -> 2 different ASAs.

 

We have an ASA for our main corp environment and then an ASA for our RDS environment. From what I've read it seems like the best way to do this would be to put the QoS on the WAN router. I should note that the RDP traffic goes over a site-to-site VPN from the RDS side ASA firewall to the site where the users are at. If need be, making QoS for everything from that RDS ASA public IP would work as well. Basically I want to prioritize all traffic as such:

 

Priority 1 Voice traffic from our Corp ASA

Priority 2 RDP Traffic from the RDS ASA

 

Is this something that would be simple to set up?

 

Thank you in advance


The applied interface policy will pick up the bandwidth percentages from what it believes the interface is running at, or what you've set the interface bandwidth value to.

You should allocate all 100% of the bandwidth and you should define a bandwidth for class-default.

The way you match an IP, or address block, you write an ACL to do so and in the class map you match against the ACL. (Actually you did that in one of your earlier posts.)

Would this work? Then just make an access list for each group/IP I want to set?

class-map match-all VoIP
description Voice Traffic
class-map match-all RDS
description RDS Traffic
class-map match-all Corporate
description Corp Office
class-map match-all Class-Default
class-map match-all Priority
!
!
policy-map VoIP
class VoIP
bandwidth percent 1
policy-map RDS
class RDS
bandwidth percent 8
policy-map Corporate
class Corporate
bandwidth percent 10
policy-map Default
class class-default
bandwidth percent 81
!
!
ip access-list extended VoIP
permit ip host 45.45.45.1
class-map match-all VoIP
policy-map shape

You're on the right track. You need to add a match statement, in the class-map, to match the corresponding ACL. And yes, you do similar for the other classes.

BTW, for class-default, see if bandwidth statement will take remaining percent 100. This way, if you want to adjust the other classes, you don't need to re-adjust class-default.

Thank you for your continued help. 

 

I've built this in Packet Tracer and can't seem to figure out how to add the IP to the extended ACL.

Router#show run
Building configuration...

Current configuration : 1381 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX15244G7R
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
class-map match-all VoIP
description Voice Traffic
class-map match-all RDS
description RDS Traffic
class-map match-all Corporate
description Corp Office
class-map match-all Class-Default
description Default
!
policy-map VoIP
class VoIP
bandwidth percent 1
!
policy-map RDS
class RDS
bandwidth percent 8
!
policy-map Corporate
class Corporate
bandwidth percent 10
!
policy-map Class-Default
class class-default
bandwidth remaining percent 100
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
ip access-list extended VoIP
permit ip host 45.45.45.1 any
ip access-list extended RDS
permit ip host 45.45.45.2 any
ip access-list extended Corporate
permit ip host 45.45.45.3 any
ip access-list extended Default
permit ip any any
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

Packet Tracer often is feature shy compared to real devices. See what class-map match options there are.

I set it up on a 2901 router with IOS 15.4.3 and still no luck. 

 

I'm not sure where I've botched this up. Any ideas on where I could see an example of what I'm trying to do? I've searched on Google but can't seem to find it where it's done by IP and not service type.

 

Thank you

What does your 2901 config look like? What are your class-map match options on it?

It's the same config I put in the packet tracer.

 

Here are my options

 

Router(config)#ip access-list extended VoIP
Router(config-ext-nacl)#?
  <1-2147483647>  Sequence Number
  default         Set a command to its defaults
  deny            Specify packets to reject
  exit            Exit from access-list configuration mode
  no              Negate a command or set its defaults
  permit          Specify packets to forward
  remark          Access list entry comment
Router(config-ext-nacl)#

Are you having problems defining the ACL or the class-map? (I thought the latter.)

Correct, I am unable to assign the class-map to the ACL.

You assign the ACL to the class-map.

e.g.
ip access-list extend SampleACL
permit . . .

class-map match-aXX SampleClassMap
match access-group name SampleACL

policy-map SamplePolicyMap
class SampleClassMap
bandwidth percent 10

class-map match-all VoIP
description Voice Traffic
match access-group 10
class-map match-all RDS
description RDS Traffic
match access-group 10
class-map match-all Corporate
description Corp Office
match access-group 10
class-map match-all Class-Default
description Default
match access-group 10
!
policy-map VoIP
class VoIP
bandwidth percent 1
!
policy-map RDS
class RDS
bandwidth percent 8
!
policy-map Corporate
class Corporate
bandwidth percent 10
!
policy-map Class-Default
class class-default
bandwidth remaining percent 100
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
ip access-list extended VoIP
permit ip host 45.45.45.1 any
ip access-list extended RDS
permit ip host 45.45.45.2 any
ip access-list extended Corporate
permit ip host 45.45.45.3 any
ip access-list extended Default
permit ip any any

 

Ok, I think we are close. One more issue: when I assign the ACL to the class-map match-all, it won't let me put in the word "VoIP" at the end of "match access-group"; it says invalid input detected at marker.

 

I did a 

Router#show access-lists
Extended IP access list VoIP
    10 permit ip host 45.45.45.1 any
Extended IP access list RDS
    10 permit ip host 45.45.45.2 any
Extended IP access list Corporate
    10 permit ip host 45.45.45.3 any
Extended IP access list Default
    10 permit ip any any

 

It allows me to put 10 in at the end, however they are all 10. Why are they all the same ACL #?

 

Thank you again for all the help on this issue!

You don't have an ACL 10 (at least in what you've posted). You have "named" ACLs, which show the first ACE as statement #10, for ACL editing purposes.

In your class-map match statements, use the "name" option, as I showed in my prior post (assuming packet tracer supports).

Why all the policy-maps? You likely want a single policy-map, with multiple classes.

ok, I see what you mean on the Policy-map. I will combine those into one and add classes under it.

 

Let me get that done then I'll show you my config. I'm still a little puzzled.

 

Thank you

Ok, here is the new config. However I still don't know how to do the ACLs. Also on the ACL do you need any deny statements?

class-map match-all VoIP
description Voice Traffic
match access-group 10
class-map match-all RDS
description RDS Traffic
class-map match-all Corporate
description Corp Office
class-map match-all Class-Default
description Default
!
policy-map Traffic_QoS
class VoIP
bandwidth percent 1
class Corporate
bandwidth percent 10
class RDS
bandwidth percent 10
class class-default
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
ip access-list extended VoIP
permit ip host 45.45.45.1 any
ip access-list extended RDS
permit ip host 45.45.45.2 any
ip access-list extended Corporate
permit ip host 45.45.45.3 any
ip access-list extended Default
permit ip any any
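
An added example (not posted by anyone in the thread) that pulls the advice above into one configuration: named ACLs referenced with "match access-group name", and a single policy-map with one class per traffic group. The WAN-facing interface, its bandwidth value, and the 79 percent given to class-default are assumptions.

```cisco
! Added example, not from the thread. Values marked "assumed" are not on the page.
!
! Named ACLs: a permit entry means "belongs to this class". No deny
! entries are needed; packets that match no class land in class-default.
ip access-list extended VoIP
 permit ip host 45.45.45.1 any
ip access-list extended RDS
 permit ip host 45.45.45.2 any
ip access-list extended Corporate
 permit ip host 45.45.45.3 any
!
! Each class-map references its ACL by name. "match access-group 10"
! would look for numbered ACL 10, which does not exist in this config.
class-map match-all VoIP
 description Voice Traffic
 match access-group name VoIP
class-map match-all RDS
 description RDS Traffic
 match access-group name RDS
class-map match-all Corporate
 description Corp Office
 match access-group name Corporate
!
! One policy-map, several classes. class-default is built in, so it needs
! no class-map and no "permit ip any any" ACL of its own.
policy-map Traffic_QoS
 class VoIP
  bandwidth percent 1
 class RDS
  bandwidth percent 10
 class Corporate
  bandwidth percent 10
 class class-default
  ! Assumed value: brings the total allocation to 100 percent.
  bandwidth percent 79
!
! Assumed: GigabitEthernet0/0 faces the ISP; 100000 kbit/s is the
! 100 Mbps circuit from the first post, so percentages are taken from it.
interface GigabitEthernet0/0
 bandwidth 100000
 service-policy output Traffic_QoS
!
! Verify from exec mode (per-class match counters should increment):
!   show policy-map interface GigabitEthernet0/0
```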
