
QoS in ASA

Hi, I have a 2 Mb link and wish to dedicate 800 Kb to a specific host. The other hosts in the network can use only 1.2 Mb.

Look at the configuration that I did:

access-list acl_qos extended permit ip host 172.16.1.10 any

access-list acl_qos_default extended permit ip any any

class-map class_qos

match access-list acl_qos

class-map class_qos_default

match access-list acl_qos_default

policy-map qos_policy

class class_qos

  police output 812000 conform transmit exc transmit

class class_qos_default

  police output 1258000 conform transmit exc drop

service-policy qos_policy interface outside

Well, I have these questions:

1°) Is the configuration ok?

2°) Is the service-policy applied before or after the NAT process?

3°) Will traffic in the default class (class_qos_default) never use more than 1.2 Mb? Or, if host 172.16.1.10 does not consume its quota (800 Kb), can the default class use more than 1.2 Mb?

The last one: In show service-policy interface outside I see conform-action and exceed-action DROP in the default class. Is that right?

fw# sh service-policy interface outside

Interface outside:

  Service-policy: qos_policy

    Class-map: class_qos_ib

      Output police Interface outside:

        cir 812000 bps, bc 25375 bytes

        conformed 1862 packets, 1931904 bytes; actions:  transmit

        exceeded 0 packets, 0 bytes; actions:  transmit

        conformed 145248 bps, exceed 0 bps

    Class-map: class_qos_default

      Output police Interface outside:

        cir 1258000 bps, bc 39312 bytes

        conformed 3686 packets, 704579 bytes; actions: drop

        exceeded 0 packets, 0 bytes; actions:  drop

        conformed 51144 bps, exceed 0 bps

Best Regards.

5 REPLIES
Cisco Employee

Re: QoS in ASA

Hi,

1) No, one minor change

access-list acl_qos_default extended deny ip host 172.16.1.10 any

access-list acl_qos_default extended permit ip any any

2) After

3) If they are mutually exclusive (see 1) each can take its max.

last) You set the action in the police command. Usually it doesn't make sense to police if you are not dropping.

I hope it helps.

PK

Re: QoS in ASA

Thanks pkampana, your help is very useful.

1) But I have two ACLs and two classes, for different policies. Is it wrong?

2) Ok, thanks.

3) Maybe I was not articulate. My question is: If traffic in policy 1 has not reached its limit, can the traffic in policy 2 use the "band" of policy 1?

4) I set conform-action transmit and only exceeded action drop, but in show service-policy both appear as DROP... is it normal?

Cisco Employee (Accepted Solution)

Re: QoS in ASA

1) No, but if you have 2 classes they should not match the same traffic. If they match the same traffic there is no point in policing them differently.

3) No, if class 2 is hitting its limit 1200 then it will not use the leftovers of class1, it will just be policed.

4) No, I am not sure why that shows. Please try to reapply the policing and see if that fixes it.

PK
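
The behaviour described in answer 3 above, as an added example that is not part of the original thread: a simplified token-bucket model of two independent policers using the cir and bc values from the show output. The `Policer` class, the `simulate` function, the full starting bucket and the constant-rate 1000-byte packets are assumptions made for illustration, not ASA internals.

```python
# Added illustration: simplified single-rate token-bucket model, not ASA code.
from dataclasses import dataclass

@dataclass
class Policer:
    cir_bps: int        # rate from the police command
    bc_bytes: int       # burst size as shown by "show service-policy"
    exceed_drop: bool   # True: exceed-action drop, False: exceed-action transmit
    tokens: float = 0.0
    sent: int = 0       # bytes transmitted
    exceeded: int = 0   # bytes that hit the exceed action

    def __post_init__(self):
        self.tokens = float(self.bc_bytes)  # assumption: bucket starts full

    def tick_ms(self):
        # Refill for one millisecond, never above the burst size.
        self.tokens = min(self.bc_bytes, self.tokens + self.cir_bps / 8000)

    def offer(self, size):
        if self.tokens >= size:
            self.tokens -= size
            self.sent += size
        else:
            self.exceeded += size
            if not self.exceed_drop:
                self.sent += size

def simulate(host_bps, others_bps, seconds=60, pkt=1000):
    """Offer constant-rate traffic to both classes; return achieved rates in bps."""
    # Values taken from the thread's configuration and show output.
    host = Policer(812000, 25375, exceed_drop=False)      # class_qos
    others = Policer(1258000, 39312, exceed_drop=True)    # class_qos_default
    flows = [[host, host_bps / 8000, 0.0], [others, others_bps / 8000, 0.0]]
    for _ in range(seconds * 1000):
        for flow in flows:
            pol, bytes_per_ms, _ = flow
            pol.tick_ms()
            flow[2] += bytes_per_ms
            while flow[2] >= pkt:   # emit whole packets as credit accumulates
                flow[2] -= pkt
                pol.offer(pkt)
    return {"host_bps": host.sent * 8 / seconds,
            "others_bps": others.sent * 8 / seconds,
            "host_exceeded_bytes": host.exceeded}

if __name__ == "__main__":
    print(simulate(200_000, 2_000_000))    # host mostly idle, others saturating
    print(simulate(1_500_000, 2_000_000))  # host above its rate, exceed = transmit
```

In the first run the default class stays at about 1.26 Mb even though the host uses only 200 Kb of its 812 Kb; in the second the host class passes everything it offers, because its exceed action is transmit.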

Re: QoS in ASA

One more time, thanks pkampana.

Now I understood.

I tried many times to remove and apply the configuration (about number 4)... I will open a TAC.

Regards.

Re: QoS in ASA

Hey,

Have a look at this link before opening a TAC case.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#intro

You might just hit it right and solving it on your own would be priceless.

Regards,

Sian
