I have a QoS related question.
We have Site A and Site B
Every Site has a WAN Internet Connection on Subint Gi0/1 with Gi0/1.1 and Gi0/1.2
That's the WAN part. Internals surf through NAT there. (Only on one connection currently.)
These connections host a GRE IPsec tunnel, Tunnel1, from Site A to Site B and vice versa.
The Tunnel runs on exactly one Internet Connection (currently Gi0/1.1)
Also on Site A and Site B there is a LAN. Both LAN are Connected thru the IPSEC Tunnel. We have Static routes and different Subnets.
What I want to do (but I am too stupid to do so):
1) Limit "surfing" traffic (which is everything except the traffic needed for the tunnel) to 7MBIT (from 10)
2) Reserve 3MBIT of the Tunnel Connection for SIP,RTP and SSH (nbar is running)
3) Make Tunnel Traffic more important than Surfing Traffic (e.g. Copy Files should not be reduced by iso downloads) but respect 3MBIT reserved for SIP RTP SSH
Gi0/1 - Main Interface
Gi0/1.1 - SubInterface for WAN Internet
Tunnel1 - source is WAN on Gi0/1.1 GRE with IPSEC
This is all running on 12.4 advipserv on a C2821
I tried fiddling around with parent and child policies, the police command, etc., but it doesn't seem to work.
Thanks for your help!
You can start from the following config, and modify from there. If you experience high CPU after configuring the QoS, you can disable NBAR and match based on ACLs.
class-map match-any mark_critical
match protocol SIP
match protocol RTP
match protocol SSH
set ip dscp 46
police 7000000 conform-action set-dscp-transmit af21
int x/x (LAN interface)
service-policy in mark
shape average 10000000 100000
match ip dscp 46
service-policy out shape_10m
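One way the fragments in the reply above can fit into a complete hierarchical policy, written as an added example and not the poster's own config. The names `tunnel_other`, `critical_out`, `tunnel_out`, `wan_queue` and `REMOTE_LAN`, the LAN interface, the 192.168.20.0/24 subnet, the AF31 marking and the 4000 kbps figure are assumptions. It relies on GRE and IPsec copying the inner DSCP into the outer header, so the DSCP match on Gi0/1.1 still works after encryption (and the traffic class is therefore visible outside the tunnel).

```cisco
! --- Classification on LAN ingress (NBAR, as in the reply) ---
class-map match-any mark_critical
 match protocol sip
 match protocol rtp
 match protocol ssh
! Assumed placeholder: 192.168.20.0/24 stands for the remote site's LAN
ip access-list extended REMOTE_LAN
 permit ip any 192.168.20.0 0.0.0.255
class-map match-all tunnel_other
 match access-group name REMOTE_LAN
!
policy-map mark
 class mark_critical
  set ip dscp 46
 ! Other tunnel traffic is marked before class-default so the
 ! 7 Mbit/s policer below only hits surfing traffic (assumed AF31)
 class tunnel_other
  set ip dscp af31
 class class-default
  police 7000000 conform-action set-dscp-transmit af21 exceed-action drop
!
! --- Queueing on WAN egress, matched on the copied outer DSCP ---
class-map match-all critical_out
 match ip dscp 46
class-map match-all tunnel_out
 match ip dscp af31
!
policy-map wan_queue
 ! 3000 kbps guaranteed minimum for SIP/RTP/SSH
 class critical_out
  bandwidth 3000
 ! Assumed 4000 kbps minimum for remaining tunnel traffic
 class tunnel_out
  bandwidth 4000
 class class-default
  fair-queue
!
! Parent shaper: a subinterface needs it so the child queues see congestion
policy-map shape_10m
 class class-default
  shape average 10000000 100000
  service-policy wan_queue
!
! Assumed LAN interface name
interface GigabitEthernet0/0
 service-policy input mark
interface GigabitEthernet0/1.1
 service-policy output shape_10m
```

The ingress policer only limits surfing traffic sent from the LAN; traffic arriving from the Internet on Gi0/1.1 is not touched by this output policy.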