I would use class-based weighted fair queueing and prioritze all other traffic over the FTP traffic, You do not need to split the user groups across interfaces for this. IOS 12.2(13) should be sufficient for Class-Based Weighted Fair Queuing (that is what this is called). The configuration would look like this:
Router(config)#class-map match-all ANYTRAFFIC
Router(config-cmap)#match access-group 101
Router(config)#class-map match-all FTP
Router(config-cmap)#match access-group 102
Router(config)#access-list 101 deny tcp any any eq ftp
Router(config)#access-list 101 deny tcp any any eq ftp-data
Router(config)#access-list 101 permit ip any any
Router(config)#access-list 102 permit tcp any any eq ftp
Router(config)#access-list 102 permit tcp any any eq ftp-data
Router(config)#access-list 102 deny ip any any
Router(config-pmap-c)#set precedence 5
Router(config-pmap-c)#set precedence 4
Router(config-if)#service-policy output PRIORITY
With this configuration, all other traffic is prioritized over FTP traffic.
Use the command:
show policy-map interface Ethernet0
to check that FTP packets get another (lower) priority than all other traffic.
I could very well be wrong but wouldn't you want to apply the policy-map inbound on E0, or perhaps outbound on the WAN interface to keep the WAN queue from getting overrun by the 10Meg Ethernet traffic ? I wouldn't think there would be a problem in the WAN to LAN direction. Again, not a big QOS guy so I could be wrong.
I'm not an expert on QoS solutions but I'm a bit confused. First let me explain what I understand from your problem description: You've got two user groups (say two subnets) on LAN and these hosts reach to the rest of the world using a WAN link. And salespeople is complaining about the FTP traffic of the technicals. My first point: at the moment of the congestion this will occur on interfaces connected to the WAN link. Don't we need to apply any QoS config to the WAN interfaces? Assuming I don't know diretction of FTP and other flows, applying outbound CBWFQ to both router WAN interfaces makes more sense to me. Another point is that instead of setting IP precedence field in IP header applying a "bandwidth" command under the policy-maps with appropriate value looks more simple and manageable.
I guess I should have not used FTP as an Example. (-; Its FTP, HTTP, Windows File Server Transfers, pretty much anything that they can download big files from, they will go it.
Thats why I figured it might be easier to move the Support guys over to the second interface and then just five priority to the Sales guys interface over the Tech people.
The Sales guys are just sending small packets. Mostly just Mail, Remote Desktop Sessions and a few small SQL Queries. So they hop on the line, get the info anf get off. It jsut seems that when someone in the Tech departments tries to load the latest security patches on the 12 Classroom computers, the network dies for the sales guys.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...