04-27-2010 08:21 AM - edited 03-04-2019 08:17 AM
I'm trying to give RDP priority over web traffic. This is what I have so far:
class-map match-any scum
match protocol http
class-map match-any RDP
match access-group name RDP
!
!
policy-map die-scum
class scum
police cir 8000 pir 9000
conform-action set-prec-transmit 0
exceed-action drop
policy-map Inbound
class RDP
police cir 9000000 pir 10000000
conform-action transmit
exceed-action set-prec-transmit 0
violate-action drop
service-policy die-scum
ip access-list extended RDP
permit tcp any any eq 3389
If I put the policy-map Inbound on my WAN interface as an input filter, it does nothing. However, if I put the policy-map die-scum on my WAN interface as an input filter, web traffic almost grinds to a halt (which is what I want).
What am I doing wrong here?
Solved! Go to Solution.
04-27-2010 10:11 AM
You are only allowed to apply a policy to an interface and you have two policies.
Ideally, you should have this configuration:
policy-map inbound-internet
class scum
police cir 8000 pir 9000
conform-action set-prec-transmit 0
exceed-action drop
class RDP
police cir 9000000 pir 10000000
conform-action transmit
exceed-action set-prec-transmit 0
violate-action drop
interface WAN0/0
service-policy in inbound-internet
Regards
Edison
04-27-2010 10:11 AM
You are only allowed to apply a policy to an interface and you have two policies.
Ideally, you should have this configuration:
policy-map inbound-internet
class scum
police cir 8000 pir 9000
conform-action set-prec-transmit 0
exceed-action drop
class RDP
police cir 9000000 pir 10000000
conform-action transmit
exceed-action set-prec-transmit 0
violate-action drop
interface WAN0/0
service-policy in inbound-internet
Regards
Edison
04-27-2010 10:29 AM
The service-policy die-scum in my policy-map Inbound doesn't run the policy-map die-scum as well?
policy-map Inbound
class RDP
police cir 9000000 pir 10000000
conform-action transmit
exceed-action set-prec-transmit 0
violate-action drop
service-policy die-scum
04-27-2010 10:43 AM
That feature requires an IOS that support HQF
http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_frhqf_support.html
For other IOSes, you are limited to class class-default on the parent class.
Regards
Edison
04-27-2010 12:01 PM
Thanks for your answers. I tried it the way you suggested and it worked.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: