Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

QoS PreClassify Command

Unanswered Question
Jan 19th, 2008
User Badges:
  • Silver, 250 points or more

Hi Guys,

I hope someone can help me here. Just revising some ONT stuff before exam and realised that i do not understand when the 'qos pre-classify' command is used when implementing QoS over VPNs.

Can someone clearly expalin when exactly you use the QoS Pre-Classisfy command and when not to use it.

Forever Greatful


PS - i'm gonna post this over in 'Certifications' also for a bit more exposure.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
srue Sat, 01/19/2008 - 05:58
User Badges:
  • Blue, 1500 points or more

qos pre-classify is used to identify ip header information before it passes through a tunnel (encrypted or unencrypted) for qos purposes. depending on tunnel-type, a certain amount of header information is copied, and then applied to the tunnel header, so QoS information is available as it passes through the tunnel network. Without pre-classification, the QoS bits are lost in encryption and/or packet encapsulation.


Joseph W. Doherty Sun, 01/20/2008 - 15:30
User Badges:
  • Super Bronze, 10000 points or more

If the before encapsulation packets have TOS settings that you want to "analyze" after the packets have been encapsulated with a VPN packet, then you can use pre-classify to copy the TOS values to the VPN packet's TOS. NB: The copied TOS can be overwritten, but that won't change the original packet's TOS.

E.g. you have VoIP packets marked with TOS values (perhaps a DSCP EF) so QoS can give them better treatment. If the original packet's TOS isn't copied to the VPN packet's TOS, QoS could no longer tell the difference between VoIP packets and FTP packets since they are now likely to be encrypted. (Pre-Classify is the command to cause the copy.)

stephen.stack Mon, 01/21/2008 - 09:22
User Badges:
  • Silver, 250 points or more

Thanks for the help guys.

Joseph - your version seemed a little clearer. I now understand when to 'apply' the command. However, in some ONT guides, they also give reason when not to apply the command to a tunnel interface or even more confusing - when to apply a service-policy command to an interface only when using QoS for VPNs.

can you shed any light on either of the later scenarios?

Thanks again


Joseph W. Doherty Mon, 01/21/2008 - 18:12
User Badges:
  • Super Bronze, 10000 points or more

I'm wondering whether part of the confusion might be where you need to apply the command for it to be actually effective.

If, however, the question is why you wouldn't want to use the command, two possible reasons come to mind. First, you know nothing actually processes the TOS later on, so using the command doesn't accomplish anything and perhaps by not using it avoids a performance hit. Second, your encapsulated packets are to be treated as a class (or part of a class) themselves, not by their original contents.

If you have any URL references that I could see, that appear unclear, I might be able to comment further.


This Discussion