Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Any way to match HTTPS in a QoS ACL?

We are looking to prioritize HTTPS over HTTP in our network. Is there any way to identify HTTPS with or without NBAR?

Thanks!

Tim moffett

1 REPLY

Re: Any way to match HTTPS in a QoS ACL?

If the website you are accessing uses the standard HTTPS TCP port number then yes.

Client to Website

source TCP port 1023-65535 destination TCP port 443

Website to Client

source TCP port 443 destination TCP port 1023-65535

CatOS

set qos acl HTTPS dscp xx tcp any range 1023-65535 any 443

set qos acl HTTPS dscp xx tcp any 443 any range 1023-65535

IOS

ip access-list extended HTTPS-ACL

permit tcp any range 1023-65535 any eq 443

permit tcp any eq 443 any range 1023-65535

!

class-map match-any HTTPS-Class

match access-group HTTPS-ACL

set dscp xx

!

policy-map HTTPS-Policy

class HTTPS-Class

bandwidth xxx

Certain switch/router IOS commands may be different, but thats the general idea.

Andy

134
Views
0
Helpful
1
Replies
CreatePlease to create content