QoS issue!

Mar 13th, 2009


This is my router QoS configuration:

Class Map match-all FTP (id 8)

Match protocol ftp

Class Map match-all IPSEC (id 1)

Match protocol ipsec

Class Map match-any R5 (id 6)

Match access-group 170

Class Map match-any URL-RESTRICT (id 7)

Match protocol http url "*youtube*"

Match protocol http url "*video.google*"

Match protocol http url "*myspace*"

Match protocol http url "*220.ro*"

Match protocol http url "*trilulilu.ro*"

Policy Map WAN


Bandwidth 15 (%) Max Threshold 64 (packets)



Class class-default

Flow based Fair Queueing

Bandwidth 0 (kbps) Max Threshold 64 (packets)

Policy Map LimitR0

Class FTP

police cir 80000 bc 2500 pir 90000 be 2812

conform-action transmit

exceed-action drop

violate-action drop

fastEthernet 0 is my outside (WAN) interface

fastEthernet 1 is one of my inside (LAN) interfaces

policy WAN is applied on fastEthernet0 outside direction

policy LimitR0 is applied on fastEthernet1 on inside direction

The problems are:

1) the URL restriction doesn't work. I believe that I would have access denied to those sites. Is this correct?

2) ftp restriction is not working. I am able to transfer ftp with 300KB. I want to limit ftp for the subnet that is connected to fastEthernet1 to maximum 1Mbps.

3) when I do a "sh policy-map int fast0", ipsec traffic is 0:

Class-map: IPSEC (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: protocol ipsec


Output Queue: Conversation 266

Bandwidth 15 (%)

Bandwidth 15000 (kbps)Max Threshold 64 (packets)

(pkts matched/bytes matched) 0/0

(depth/total drops/no-buffer drops) 0/0/0

Can you please take a moment and clear this up for me?

Thank you

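The `police cir 80000 bc 2500 pir 90000 be 2812` line in the question above is a two-rate policer. As an added example (not part of the original thread), this Python model applies RFC 2698 color-blind metering with those values, taking cir/pir in bits per second and bc/be in bytes. The constant-rate traffic and the 1 Mbps parameter set are assumptions constructed for illustration.

```python
# Added example: two-rate three-color policer (RFC 2698, color-blind mode).
# cir/pir are in bits per second, bc/be in bytes, as in the IOS police command.

def police(packets, cir, bc, pir, be):
    """Meter (time_s, size_bytes) packets; return bytes per action."""
    tc, tp = float(bc), float(be)          # both token buckets start full
    last = 0.0
    counts = {"conform": 0, "exceed": 0, "violate": 0}
    for t, size in packets:
        dt, last = t - last, t
        tc = min(bc, tc + dt * cir / 8)    # refill committed bucket
        tp = min(be, tp + dt * pir / 8)    # refill peak bucket
        if tp < size:                      # above PIR
            counts["violate"] += size
        elif tc < size:                    # between CIR and PIR
            tp -= size
            counts["exceed"] += size
        else:                              # within CIR
            tc -= size
            tp -= size
            counts["conform"] += size
    return counts

def constant_stream(rate_bps, pkt_bytes, seconds):
    """Constructed sample traffic: fixed-size packets at a constant bit rate."""
    interval = pkt_bytes * 8 / rate_bps
    return [(i * interval, pkt_bytes) for i in range(int(seconds / interval))]

def transmitted_kbps(counts, seconds):
    """Policy from the page: conform transmits, exceed and violate drop."""
    return counts["conform"] * 8 / seconds / 1000

if __name__ == "__main__":
    secs = 10
    ftp = constant_stream(2_400_000, 1500, secs)   # ~300 KB/s offered (constructed)
    page = police(ftp, cir=80_000, bc=2_500, pir=90_000, be=2_812)
    # Hypothetical 1 Mbps policer; these values are an assumption, not from the page
    one_meg = police(ftp, cir=1_000_000, bc=31_250, pir=1_000_000, be=31_250)
    print("page values :", page, round(transmitted_kbps(page, secs)), "kbps")
    print("1 Mbps guess:", one_meg, round(transmitted_kbps(one_meg, secs)), "kbps")
```

The model covers only the metering arithmetic for traffic that reaches the policer; whether a given flow is classified into the FTP class is a separate question it does not address.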
jbohla Fri, 03/20/2009 - 14:05

You can have separate class-maps and permit the URL that you want to permit and then have the other class-map configured where you can block the rest.

