×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

WAN Quality of Service (QoS) Traffic Selector (Classification) Settings on ISA500 Series Integrated Security Appliances

Document

Sat, 07/09/2016 - 10:10
Apr 26th, 2016
User Badges:

Cisco Support Community

Article ID: 3400

Objective

Traffic Selector/Classification classifies traffic as it passes through the WAN connections. These traffic classifications make traffic easy to identify for other features such as QoS policy profiles. This article explains how to configure traffic selector/classification on ISA500 Series Integrated Security Appliances.

Note: To configure the QoS for Traffic Selector, the WAN QoS should be enabled. To know more about how to enable the WAN QoS please refer to the article General Quality of Service (QoS) Settings on ISA500 Series Integrated Security Appliances.

Applicable Devices

• ISA550
• ISA570
• ISA550W
• ISA570W

Software Version

Traffic Selector Settings

Step 1. Log in to the ISA500 Series Configuration Utility and choose Networking > QoS > WAN QoS > Traffic Selector (Classification). The Traffic Selector (Classification) page opens:

Step 2. In the Traffic Selectors table, click Add. The Traffic Selector - Add/Edit window appears.

Step 3. In the Class Name field, enter a name for the class to which the traffic is classified.

Step 4. From the Source Address drop-down list, choose a source address for which the traffic is classified. You can select from a predefined list of available configurations or you can create your own address based on your requirement. To know how to configure a new address, refer to the subsection Create a New Address or Create a New Address Group.

Step 5. From the Destination Address drop-down list, choose a destination address for which the traffic is classified. You can select from a predefined list of available configurations or you can create your own address based on your requirement. To know how to configure a new address, refer to the subsection Create a New Address or Create a New Address Group.

Step 6. From the Source Service drop-down list, choose a source service for which the traffic is classified. You can select from a predefined list of available configurations or you can create your own service based on your requirement. To know how to configure a new service, refer to the subsection Create a New Service.

Step 7. From the Destination Service drop-down list, choose a destination service for which the traffic is classified. You can select from a predefined list of available configurations or you can create your own service based on your requirement. To know how to configure a new service, refer to the subsection Create a New Service.

Step 8. To classify traffic based on DSCP values, choose a DSCP value from the left DSCP list and click –>. To remove a DSCP value from the class filter, choose the class from the right DSCP list and click <–. A Differentiated Services Code Point (DSCP) value indicates what type of service traffic has.

Step 9. From the CoS drop-down list, choose a Class of Service (CoS) value which states the level of priority the traffic has. The traffic is classified for the CoS value. 0 is the lowest priority, and 7 is the highest priority.

Step 10. From the VLAN drop-down list, choose a VLAN for which the traffic is classified.

Note: To know how to configure a VLAN refer to the article Virtual Local Area Network (VLAN) Settings on ISA500 Series Integrated Security Appliances.

Step 11. Click OK. The Traffic Selector (Classification) page reappears.

Step 12. Click Save.

Create a New Address

 

Step 1. Choose Create a new address from the Address drop-down list to create an address object. The Address - Add/Edit window appears.

 

Step 2. Enter the name for the address object in the Name field.

Step 3. Choose the address Type and enter the corresponding information

• Host — Enter the IP address of the host in the IP address field. This defines a single host by its IP address.

• Range — Enter the starting IP address in the Starting IP Address field and the ending address in the Ending IP Address field. This defines a range of contiguous IP addresses.

• MAC — Enter the MAC address in the MAC field.

• Network — Enter the subnet IP address in the IP address field and the broadcast address in the netmask field. Rather than being bound by specified upper and lower range delimiters, the boundaries are defined by a valid netmask.

Step 4. Click OK to save the configuration.

Create a New Address Group

 

Step 1. Choose Create a new address group from the Address drop-down list to create an address range. The Address - Add/Edit window appears.

Step 2. Enter the Group name in the Group Name field.

Step 3. Choose a configuration from the available list and click -> to select the configuration

Step 4. Click OK to save.

Create a New Service

Step 1. To create a new service choose Create a new service from the Services drop-down list. The Address/Service window appears.

Step 2. Enter the name of the service in the Name field.

Step 3. Choose the protocol from the Protocol drop-down

— TCP – Enter the starting port number in the Port Range Start and the ending port number in the Port Range End field. Transmission Control Protocol(TCP) is a transport protocol in TCP/IP which ensures the message is sent accurately.

— UDP – Enter the starting port number in the Port Range Start field and the ending port number in the Port Range End field. User Datagram Protocol (UDP) is a protocol within the TCP/IP protocol suite that is used in place of TCP when a reliable delivery is not required.

— both(TCP/UDP) –  Enter the starting port number in the Port Range Start field and the ending port number in the Port Range End field. It uses both TCP and UDP.

Step 4. Click OK to save.

Note: To know how to configure WAN QoS and Queue settings, refer to the article Configuration of WAN Quality of Service (QoS) Queue Settings on the ISA500 Series Integrated Security Appliances, and for configuration of WAN QoS Policy settings, refer to the article Wide Area Network (WAN) Quality of Service (QoS) Policy Profiles Settings on ISA500 Series Integrated Security Appliance.

Loading.

Actions

This Document