QOS with multiple security contexts

jefchris
Level 1

I have a firewall with 10 virtual firewalls.

When I try to set up a class-map it will not accept the priority command. It is not even available as part of the command set.

ex:

ERROR: % Invalid input detected at '^' marker.

ASA5540(config)# chang

ASA5540(config)# chang con admin

ASA5540/admin(config)# class-map Prec5

ASA5540/admin(config-cmap)# match precedence 5

ASA5540/admin(config-cmap)# policy-map VoicePQ

ASA5540/admin(config-pmap)# class Prec5

ASA5540/admin(config-pmap-c)# priority

^

ERROR: % Invalid input detected at '^' marker.

ASA5540/admin(config-pmap-c)# ?

MPF policy-map class configuration commands:

exit Exit from MPF class action configuration mode

help Help for MPF policy-map configuration commands

inspect Protocol inspection services

ips Intrusion prevention services

no Negate or set default values of a command

set Set QoS values or connection values

<cr>

ASA5540/admin(config-pmap-c)#

What is going on here?

6 Replies

jackko
Level 7

i don't think you can use both policing and priority at the same time.

according to cisco doc, "You cannot enable both priority queuing and policing together. In other words, only packets with normal priority can be policed; packets with high priority are not policed."

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080450b9a.html#wp1045016

I thought that also, however, when the firewall is converted back to single context mode I am able to complete the command with no errors.

Could it be that I should not be able to complete the command in single context mode? Possibly a bug?

i was trying to think of the reason why it wouldn't work with multiple contexts. one possibility is that the command doesn't work with a shared physical interface.

to verify, reduce the contexts down to 2 or 3. try not to share the same physical interface (i.e. one interface is dedicated to one context).

I think you may be onto something there. The QOS policy is applied to the interface and it may not understand what to do with it if one context has QOS and one does not. I will try reducing the context and see what happens.

Thanks

just wondering how you go.

QoS is not supported under multiple security contexts.
