QoS Marking with Service Obj. Group and/or Protocol

whistleblower14 · ‎05-17-2017

hi guys,

I´m thinking about a QoS configuration, where I´d like to use either an object group-based ACL and/or (NBAR) protocols as match criteria on an IOS router... what I don`t understand is, when I´m using for example the following configruation;

object-group network TS-SRV
host 10.100.100.1
host 10.100.102.3

object-group network TS-HOS

host 192.168.2.12

object-group service SERV
tcp-udp eq 3389

ip access-list extended MARK-QOS
permit ip object-group SERV object-group TS-SRV object-group TS-HOS

class-map match-any MARK

match access-group name MARK-QOS

match protocol ms-wbt

will the port/protocol 3389/ms-wbt be matched as Source and Destination Port/Protocol or I´m wrong?

thanks for your help!

vivek srivastava · ‎05-18-2017

multiple match criteria inside a class-map will result in AND of all match criteria's

whistleblower14 · ‎05-18-2017

hi vivek,

first of all thanks for your reply, but what I mean is - if in either case

(1) match protocol ms-wbt

or

(2) ip access-list extended MARK-QOS
permit ip object-group SERV object-group TS-SRV object-group TS-HOS

the Port in the statements is used/matched as Source and/or Destination or only Source?

vivek srivastava · ‎05-18-2017

It should match destination ports

whistleblower14 · ‎05-18-2017

...hmmm, is there also a way to match the source ports also that way?

I tried also to find some official documentation about this but I could`nt find anything about this - may you or somebody else have a link or reference?