I have a star network with multiple l2l tunnels. I am trying to give priority to RDP (3389) traffic. The following is my config that I am trying to use:

hostname(config)#class-map RDP_Pri

hostname(config-cmap)#description "This class-map matches all RDP traffic for 1XX.XXX.XXX.XXX 1"

hostname(config-cmap)#match port tcp eq 3389

hostname(config-cmap)#match tunnel-group 1XX.XXX.XXX.XXX

hostname(config-cmap)#class-map RDP_BestEffort

hostname(config-cmap)#description "This class-map matches all best-effort traffic for 1XX.XXX.XXX.XXX"

hostname(config-cmap)#match tunnel-group 1XX.XXX.XXX.XXX

hostname(config-cmap)#match flow ip destination-address

hostname(config-cmap)#policy-map QOS

hostname(config-pmap)#class RDP_Pri

hostname(config-pmap-c)#priority

hostname(config-pmap-c)#class RDP_BestEffort

hostname(config-pmap-c)#police output 200000 37500

hostname(config-pmap-c)#class class-default

hostname(config-pmap-c)#police output 1000000 37500

hostname(config-pmap-c)#service-policy QOS interface outside

hostname(config)#priority-queue outside

hostname(config-priority-queue)#queue-limit 2048

hostname(config-priority-queue)#tx-ring-limit 256

When I get to the command:

police output 200000 37500

I get the following error message:

ERROR: Must deconfigure priority in this class before issuing this command

ERROR: tunnel-group can only be policed on a flow basis

Questions:

1. Why do I need to deconfigure priority? How would I do this?

2. Other than the errors, does this config look good? Can it be made better?

Thanks in advance