Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QoS issue!

Hello,

this is my router qos configuration:

Class Map match-all FTP (id 8)

Match protocol ftp

Class Map match-all IPSEC (id 1)

Match protocol ipsec

Class Map match-any R5 (id 6)

Match access-group 170

Class Map match-any URL-RESTRICT (id 7)

Match protocol http url "*youtube*"

Match protocol http url "*video.google*"

Match protocol http url "*myspace*"

Match protocol http url "*220.ro*"

Match protocol http url "*trilulilu.ro*"

Policy Map WAN

Class IPSEC

Bandwidth 15 (%) Max Threshold 64 (packets)

Class URL-RESTRICT

drop

Class class-default

Flow based Fair Queueing

Bandwidth 0 (kbps) Max Threshold 64 (packets)

Policy Map LimitR0

Class FTP

police cir 80000 bc 2500 pir 90000 be 2812

conform-action transmit

exceed-action drop

violate-action drop

fastEthernet 0 is my outsite (WAN) interface

fastEthernet 1 is one of my inside (LAN) interface

policy WAN is applied on fastEthernet0 outside direction

policy LimitR0 is applied on fastEthernet1 on inside direction

The problems are:

1) the URL restriction doesn't work. I belive that I would have access denied to those sites. Is this correct?

2) ftp restriction is not working. I am able to transfer ftp with 300KB. I want to limit ftp for the subnet that is connected to fastEthernet1 to maximum 1Mbps.

3) when I do a "sh policy-map int fast0", ipsec traffic is 0: Class-map: IPSEC (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: protocol ipsec

Queueing

Output Queue: Conversation 266

Bandwidth 15 (%)

Bandwidth 15000 (kbps)Max Threshold 64 (packets)

(pkts matched/bytes matched) 0/0

(depth/total drops/no-buffer drops) 0/0/0

can U please take a moment and clear this for me?

thank u

1 REPLY
New Member

Re: QoS issue!

You can have separate class-maps and permit the URL that you want to permit and then have the other class-map configured where you can block the rest.

111
Views
0
Helpful
1
Replies