Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
729
Views
0
Helpful
3
Replies

ASA5505 v8.2(4) - packet loss after QoS config

Go to solution
i.va
Level 3
Level 3

‎08-11-2009 12:31 AM - edited ‎03-11-2019 09:04 AM

Hi,

I came across a problem after configuring QoS on a ASA5505 v8.2(1) for one of our customers (planning to use IP Phones over VPN). Although I configured via ASDM, here is the relevant CLI config:

priority-queue outside

class-map DM_INLINE_Child-Class

match dscp cs3 af31 ef

policy-map DM_INLINE_Child-Policy

class DM_INLINE_Child-Class

priority

policy-map outside-policy

description QoS

class class-default

shape average 3600000

service-policy DM_INLINE_Child-Policy

service-policy outside-policy interface outside

(the default global policy is also configured)

The problem is after configuring this, after some time (usually around 1 day), the traffic throughput on the ASA is very low. When I ping an outside host, about half the packets get lost. The internet connection has a fixed ip...no DHCP or PPPoE. If I remove the QoS policy from the outside interface or reboot the ASA, traffic throughput is normal again.

I used this configuration the first time on v7.2(4) where it worked without any problems for several months. The issue started after upgrading to 8.0(4) and persisted in 8.2(1).

Did anybody come across this? Am I missing anything what the config is concerned? The logs show nothing unusual.

Any feedback would be appreciated!

Ingo

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Todd Pula
Level 7
Level 7

‎08-11-2009 07:27 AM

You are more than likely running into bug CSCsx07862 which was resolved in 8.0.4.34 and 8.2.1.2. Another potential workaround that I have used in the past is to police the class default as opposed to shape.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsx07862

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Todd Pula
Level 7
Level 7

‎08-11-2009 07:27 AM

You are more than likely running into bug CSCsx07862 which was resolved in 8.0.4.34 and 8.2.1.2. Another potential workaround that I have used in the past is to police the class default as opposed to shape.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsx07862

0 Helpful

Go to solution
i.va
Level 3
Level 3
In response to Todd Pula

‎08-11-2009 07:51 AM

Hi, thanks for the info! Where can I download version 8.2.1.2? On the Download Software site I can only find version 8.2.1.

0 Helpful

Go to solution
Todd Pula
Level 7
Level 7
In response to i.va

‎08-11-2009 07:56 AM

TAC can publish the latest interim build for your to download. I would open an SR so that this issue can be properly documented. Please feel free to request that the SR be assigned to me.

Thank you,

Todd Pula

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card