flcomputerguy
Beginner

FS-300-24 QoS??

Newbie here, never seen a Cisco, or any other L3 switch before. Nor an Lx router. To me, the interface is a bit confusing.

Truth is, I am over my head. Can anyone suggest a step by step, or classroom or web-based training, or a partner or Cisco helper to get us up to speed on this.

Goal is to limit http and https traffic in favor of telnet to an AIX server and RDP to a Windows TS. Printing would be ahead of http/s and below the others.

Interestingly, the web site promises 9 videos, but there are only 8. The demo guide says about QoS: "Coming Soon".

Where to go? Who(m) to call?

Thanks for any help or recommendations.

6 REPLIES 6
Ivor Diedricks
Cisco Employee

Larry,

I uploaded a document into the "Document" section of this community. It describes QoS and ACL configuration that can help you with your request. The document can be downloaded here:

https://supportforums.cisco.com/docs/DOC-16271

Thanks Ivor:


I have seen that document already. Raises more questions for me than it answers. Perhaps I am overthinking this, but I am unhappy with the number of assumptions that have to be made to do such configurations without proper training.

So far, not one person has been able to point me to a class, webinar, training facility, or any such where I can find out how this should be done.  If there is such a training program / facility available, one of the helpful things you could add/have added to the documentation or the web site is point to the relevant Cisco speciality training.  CNA?  CNE?  CNXYZ?  Or empower the first line phone support people to answer the question "How do I learn how to do this?".

To do what you're looking to do here, requires creating 3 ACLs:

1 ACL to permit/allow HTTP/HTTPS and putting that traffic into lower priority queue than the other traffic

1 ACL to permit/allow Telnet, RDP, and Printing (presumably LPR) and putting this traffic into a higher priority queue than HTTP/HTTPS

1 ACL to allow all other traffic and putting it into the lowest priority queue

Follow the document to create ACL/ACE combinations. This is what it looks like for HTTP/HTTPS:

Next, you create Class Maps for each of the ACLs which looks like this:

Lastly, you define a Policy to collect all of the Class Maps and assign each Class Map to a specific priority queue - Note that the highest priority queue is queue 4 and the lowest is queue 1. This is what the mapping looks like:

Once the Policy has been created it will look like this:

Now you map the policy to the appropriate ports:

We do have people in the support organization who know how to do this configuration.

Ivor

Thanks:

None of the screen shots came through.... darn it.  Maybe you can add them as attachments?

Interestingly, I have had the switch set up twice by support from Cisco via Web Ex. The second was done because the first did not exclude the router port from the config, which somehow denied all access to the switch or to the Web Ex session as well as to the switch from the local PC, and it had to be reset. The second config, the engineer also forgot to exclude the router port and had to do the config over after the switch was reset.

The two configs bear absolutely no resemblance to each other. The first involved WRR, not Static settings (which I questioned, unsuccessfully); the other did not even go to a screen where that setting lives.

Where your suggestions would involve 3 ACLs, the latest config done by support has ONE ACL with two settings, Priority 1 for Telnet on port 23, Priority 2 for RDP on port 3389.  The explanation was that everything else would be best effort.

See why I am confused?

There are a number of ways the same results can be accomplished, so it's not surprising that the Support went about it in a different way. I am attaching a document of the screen shots.

Ivor

Thanks!

I have looked that over, and printed it for review.  Should be very helpful.

When I backed up according to directions in the help file, my resulting .txt file is below: Can I assume that this file can be imported in case of corruption or if an end user accidentally presses the reset button?

Lastly, in the Cisco world, what courses would lead to an understanding of how to program this (and other) devices, and are they offered by Cisco or someone else? When I called the Partner Learning Center all they know about is what to take to get certain letters after your name, which is not what I am after. Letters mean nothing, it is content and understanding that I am after.

Thanks again.

voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
interface vlan 1
ip address 192.168.32.248 255.255.255.0
exit
ip default-gateway 192.168.32.1
interface vlan 1
no ip address dhcp
exit
bonjour service enable csco-sb
bonjour service enable http  
bonjour service enable https 
bonjour service enable ssh   
bonjour service enable telnet
qos advanced
ip access-list Telnet/RDP
permit-tcp any 1628 any any
permit-tcp any 3389 any any
exit
class-map Telnet/RDP match-any
match access-group Telnet/RDP
exit
policy-map Telnet/RDP-1
class Telnet/RDP
set dscp 46
exit
exit
interface ethernet e2
service-policy input Telnet/RDP-1
exit
interface ethernet e3
service-policy input Telnet/RDP-1
exit
interface ethernet e4
service-policy input Telnet/RDP-1
exit
interface ethernet e5
service-policy input Telnet/RDP-1
exit
interface ethernet e6
service-policy input Telnet/RDP-1
exit
interface ethernet e7
service-policy input Telnet/RDP-1
exit
interface ethernet e8
service-policy input Telnet/RDP-1
exit
interface ethernet e9
service-policy input Telnet/RDP-1
exit
interface ethernet e10
service-policy input Telnet/RDP-1
exit
interface ethernet e11
service-policy input Telnet/RDP-1
exit
interface ethernet e12
service-policy input Telnet/RDP-1
exit
interface ethernet e13
service-policy input Telnet/RDP-1
exit
interface ethernet e14
service-policy input Telnet/RDP-1
exit
interface ethernet e15
service-policy input Telnet/RDP-1
exit
interface ethernet e16
service-policy input Telnet/RDP-1
exit
interface ethernet e17
service-policy input Telnet/RDP-1
exit
interface ethernet e18
service-policy input Telnet/RDP-1
exit
interface ethernet e19
service-policy input Telnet/RDP-1
exit
interface ethernet e20
service-policy input Telnet/RDP-1
exit
interface ethernet e21
service-policy input Telnet/RDP-1
exit
interface ethernet e22
service-policy input Telnet/RDP-1
exit
interface ethernet e23
service-policy input Telnet/RDP-1
exit
interface ethernet g1
service-policy input Telnet/RDP-1
exit
interface ethernet g2
service-policy input Telnet/RDP-1
exit
interface ethernet g3
service-policy input Telnet/RDP-1
exit
interface ethernet g4
service-policy input Telnet/RDP-1
exit
hostname switch598900
username cisco password 95fbdb3e3d93f62058f8c18acd1d01130b16296c level 15 encrypted
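
An added example, not part of the thread and not Cisco tooling: a small Python check that reads a backup file in the syntax shown above and reports which TCP port numbers the ACL carries and which switch ports have no service-policy bound, the two points the thread turns on (the ports named in the replies, 23 and 3389, and the excluded router port). The function name `audit`, the port-name list passed to it, and the reading of every numeric ACE field as a port number are assumptions.

```python
import re

# Constructed excerpt in the syntax of the backup file posted above
# (only two of the bound interfaces are included).
SAMPLE = """\
qos advanced
ip access-list Telnet/RDP
permit-tcp any 1628 any any
permit-tcp any 3389 any any
exit
class-map Telnet/RDP match-any
match access-group Telnet/RDP
exit
policy-map Telnet/RDP-1
class Telnet/RDP
set dscp 46
exit
exit
interface ethernet e2
service-policy input Telnet/RDP-1
exit
interface ethernet e3
service-policy input Telnet/RDP-1
exit
"""

def audit(config, intended_ports, all_ports):
    """Report ACL port numbers and policy bindings found in a backup file."""
    acl_ports, bound, iface = set(), {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"permit-tcp\s+(.*)", line):
            # Assumption: purely numeric ACE fields are TCP port numbers.
            acl_ports.update(int(t) for t in m.group(1).split() if t.isdigit())
        elif m := re.match(r"interface ethernet (\S+)", line):
            iface = m.group(1)
        elif (m := re.match(r"service-policy input (\S+)", line)) and iface:
            bound[iface] = m.group(1)
        elif line == "exit":
            iface = None
    intended = set(intended_ports)
    return {
        "acl_ports": acl_ports,
        "missing_from_acl": intended - acl_ports,
        "unexpected_in_acl": acl_ports - intended,
        "unbound_interfaces": [p for p in all_ports if p not in bound],
    }

if __name__ == "__main__":
    print(audit(SAMPLE, {23, 3389}, ["e1", "e2", "e3"]))
```

Running it against the full backup with the switch's complete port list shows at a glance which ports were left out of the policy and whether the ACL matches the ports you meant to prioritize.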
no snmp-server enable
