01-26-2009 01:01 AM - edited 03-04-2019 12:58 AM
Hello,
I have branches connected with VPN and I wanna guarantee bandwidth for that traffic using the following configuration:
!Access list to mark internal traffic
ip access-list extended QOS
permit ip any 192.168.0.0 0.0.255.255
!
!Class-map to mark internal traffic
class-map match-all QOS-IN
match access-group name QOS
!
!Class-map to match the marked traffic
class-map match-all QOS-OUT
match qos-group 1
!
!Apply to markage
policy-map QOS-IN
class QOS-IN
set qos-group 1
!
!
!Apply the bandwidth reservation
policy-map QOS-OUT
class QOS-OUT
bandwidth percent 50
!
!Outside
interface FastEthernet0/0
service-policy output QOS-OUT
bandwidth 512
!
!Inside
interface FastEthernet0/1
service-policy input QOS-IN
Any comments about this configuration ? because I found that there is no match for the second class-map ?
Best regards,
01-26-2009 03:51 AM
You QoS config is 100% incorrect.
QoS Steps:-
1) Classify
2) Mark
3) Policing
What is the platform you are trying to perform QoS on?
01-26-2009 04:07 AM
I'm using a C2800
01-26-2009 04:56 AM
01-26-2009 06:15 AM
I had problems using qos-groups, although from its documentation what you've done, I believe, should be correct. You might also consider using the ToS instead.
Since you show the outbound policy on an Ethernet interface with a bandwidth statement of 512, your policy won't control bandwidth until there's interface congestion. You should probably shape to the actual outbound bandwidth. (Shaping appears to provide implicit FQ. Shaping alone might provide a noticable improvement.)
PS:
You're still going to have an issue for VPN bandwidth, inbound. That's very difficult to do well downstream.
01-26-2009 07:12 AM
Not that but.. I'm not seeing matches on the outside policy-map
01-26-2009 07:15 AM
Read the urls I sent.
01-26-2009 09:15 AM
Unclear what you're saying. If you're saying you not seeing any matches against the packets the first policy is marking, that I recall is the issue I've too seen with qos-groups, which is why I suggested using a ToS setting instead. I.e. use your inbound policy to tag with something like IP Predence 1 or DSCP CS1 and then match against that value.
01-27-2009 01:47 AM
OK, I see.
I'll will try what you suggest and I'll give a feedback.
Regards,
Omar
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: