Can we use traffic Shaping for specific traffic using access list?

Unanswered Question
Apr 18th, 2012

I am not sure if this is only a feature in the ASA, but you are only able to shape traffic that is in the default class called 'class-default', but I am not able to find what the default class includes?

Is it possible to apply a policy where I can shape traffic based on an access list?

Also, when applying a policy for prioritization, should this not be applied on the inside and outside interface there when packets are entered inside the buffer of the inside interface they are processed first based on the prioritization class-map?

Thanks

CSCO10580217 Thu, 04/19/2012 - 01:36

There is a way in Cisco ASA to accomplish traffic shaping by using "Policing" which can be done using MQC.

JohnPete868 Thu, 04/19/2012 - 01:39

Thanks, but when using policing it will drop packets, whereas traffic shaping buffers them.

The ASA only allows shaping on class default, but I am not able to find what traffic class default includes.

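The difference raised in the reply above (a policer drops excess packets, a shaper buffers them), as an added example that is not part of the original thread: a simplified Python model using the 900000 bps rate that appears in this thread's configuration. The packet size, burst size, arrival pattern and queue limits are constructed, and the model does not reproduce the ASA's actual scheduler.

```python
from collections import deque

RATE_BPS = 900_000                 # shape/police rate taken from the thread
BITS_PER_MS = RATE_BPS // 1000     # 900 bits of credit per millisecond
PKT_BITS = 1125 * 8                # constructed packet size: 1125 bytes
# Constructed input: 20 packets, one per millisecond (about 9 Mbps offered)
ARRIVALS_MS = list(range(20))


def police(arrivals_ms, burst_bits):
    """Token-bucket policer: a packet without enough tokens is dropped."""
    tokens, last, sent, dropped = burst_bits, 0, 0, 0
    for t in arrivals_ms:
        tokens = min(burst_bits, tokens + (t - last) * BITS_PER_MS)
        last = t
        if tokens >= PKT_BITS:
            tokens -= PKT_BITS
            sent += 1
        else:
            dropped += 1
    return sent, dropped


def shape(arrivals_ms, queue_limit):
    """Shaper: excess packets wait in a FIFO and leave at the shaped rate.
    Tail drop happens only when the queue is full."""
    tx_ms = -(-PKT_BITS // BITS_PER_MS)   # transmit time, rounded up
    queue = deque()                        # finish times of packets held
    link_free = sent = dropped = max_delay = 0
    for t in arrivals_ms:
        while queue and queue[0] <= t:     # packets already transmitted
            queue.popleft()
        if len(queue) >= queue_limit:
            dropped += 1
            continue
        start = max(t, link_free)
        link_free = start + tx_ms
        queue.append(link_free)
        sent += 1
        max_delay = max(max_delay, start - t)
    return sent, dropped, max_delay


if __name__ == "__main__":
    print("policer (sent, dropped):", police(ARRIVALS_MS, 3 * PKT_BITS))
    print("shaper, 64-packet queue:", shape(ARRIVALS_MS, 64))
    print("shaper, 8-packet queue: ", shape(ARRIVALS_MS, 8))
```

With the same burst, the policer forwards only what the bucket allows at arrival time, while the shaper trades loss for queueing delay until its buffer fills.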

JohnPete868 Thu, 04/19/2012 - 10:55

Hi Sundeep,

Thanks, I've already looked at this article, but I am still only able to shape 'A' certain type of traffic once and not via access-list. Also, there is no statement which explains what the default class includes?

Julio Carvaja Thu, 04/19/2012 - 12:23

Hello John,

What they were trying to tell you is that it is not possible; as Cisco says in their release notes, traffic shaping on the ASA is only supported via the default class.

Hope this helps!

Do rate all the helpful posts

Julio

JohnPete868 Thu, 04/19/2012 - 12:27

Hi Julio,

In which case, how does the ASA determine the default class? And am I able to amend what the default class includes?

Julio Carvaja Thu, 04/19/2012 - 13:05

Hello John,

The ASA will match any packet from a protocol included on that default-class.

Now regarding your second query:

Am I able to amend what the default class includes?

No, in fact if you try to get into the class to configure it, you will get the following error:

ERROR: % class-default is a well-known class and is not configurable under class-map

Do rate all the helpful posts

Julio

JohnPete868 Thu, 04/19/2012 - 13:09

Hi Julio,

The ASA will match any packet from a protocol included on that default-class.

Which protocols are included in the default-class?





Julio Carvaja Thu, 04/19/2012 - 13:47

Hello John,

All of them lol.

If you do a:

sh run all | begi class-default

class-map class-default
 match any

Do rate all the helpful posts

Julio

JohnPete868 Thu, 04/19/2012 - 14:01

WOW,

That's a lot of default classes. Julio, the issue I have is that apparently traffic shaping can only be configured with the default class, therefore if I have a 1000Kbps link and want to allocate http traffic 200Kbps, would I have to allocate 800Kbps to the default class and then in my class-map match the http traffic which would then guarantee the remaining 200Kbps?

ASA(config)# priority-queue outside

ASA(config)# class-map TG1-voice-class
ASA(config-cmap)# match tunnel-group tunnel-grp1
ASA(config-cmap)# match dscp ef

ASA(config-cmap)# policy-map priority-policy
ASA(config-pmap)# class TG1-voice-class
ASA(config-pmap-c)# priority

ASA(config-pmap-c)# policy-map shape-priority-policy
ASA(config-pmap)# class class-default
ASA(config-pmap-c)# shape average 900000
ASA(config-pmap-c)# service-policy priority-policy

ASA(config-pmap-c)# service-policy shape-priority-policy interface outside

The above example 'seems' to be that the default class is given 900000 and the remaining is allocated to the class TG1-voice-class?

Julio Carvaja Thu, 04/19/2012 - 14:13

Hello John,

That is correct. That should do it!

Regards.

Do rate all the helpful posts

Julio

JohnPete868 Thu, 04/19/2012 - 15:47

Hi, is this something which you have used before?


Julio Carvaja Thu, 04/19/2012 - 16:31

Hello John,

No..... but this is something that Cisco uses in its documents, so you can give it a try.

I mean the example they use in their documentation is almost the same as yours.

Regards,

Posted April 18, 2012 at 12:53 PM