cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
602
Views
5
Helpful
6
Replies

qos preclassify command question

lgontarsk
Level 1
Level 1

If doing QOS on a tunnel which is using IPSec, do you put the pre-classify command on the tunnel interface or in the policy map?

here's the config I've been given, and I notice that they've put it in 2 places.

Thanks,

Lisa Gcrypto map CRX0 10 ipsec-isakmp

description To ATL-CRX-7206A router

set peer 65.199.221.97

set transform-set TSI

match address CUSTNAME-ATLCRX

qos pre-classify

interface Tunnel1

description GRE Tunnel to Atlanta

ip address TUNNEL1_IPADDR_toATL 255.255.255.252

ip mtu 1440

qos pre-classify

6 Replies 6

Manoj Wadhwa
Level 1
Level 1

The config is pretty correct. Generally, when using IPSec, qos-preclassify needs to be enabled under crypto map. When using GRE tunnel, it needs to be enabled on the tunnel interface. Since you are using both IPSec and GRE, hence its enabled under crypto map and tunnel interface. Thanks!

- Manoj

Thanks.... does this mean that the traffic gets pre-classified twice?

Hi,

In the fragment of config that you post don?t have the crypto-map applied to an interface... The traffic get out via this tunnel int?

Kratz

Hi, It is applied to the serial interface..

Thanks, Lisa G

Lisa,

You need to see your routing table to get the pre-classify in use.

If you use ipsec tunnel mode the pre-classify in crypto-map are in use. If your tunnel is routed via serial, the first classification is into virtual interface tunnel.

Regards,

Kratz

I used IPSEC and a GRE caymen tunnel and to do qos enabled the qos pre-classify command only under the crypto map.

I was able to see the packets getting matched to the policy i defined

Narayan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: