Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QOS with miltple security contexts

I have a firewall with 10 virtual firewall.

When I try to setup a class-map it will not accept the priority command. Its is not even availible as part of the command set

ex:

ERROR: % Invalid input detected at '^' marker.

ASA5540(config)# chang

ASA5540(config)# chang con admin

ASA5540/admin(config)# class-map Prec5

ASA5540/admin(config-cmap)# match precedence 5

ASA5540/admin(config-cmap)# policy-map VoicePQ

ASA5540/admin(config-pmap)# class Prec5

ASA5540/admin(config-pmap-c)# priority

^

ERROR: % Invalid input detected at '^' marker.

ASA5540/admin(config-pmap-c)# ?

MPF policy-map class configuration commands:

exit Exit from MPF class action configuration mode

help Help for MPF policy-map configuration commands

inspect Protocol inspection services

ips Intrusion prevention services

no Negate or set default values of a command

set Set QoS values or connection values

<cr>

ASA5540/admin(config-pmap-c)#

What is going on here?

6 REPLIES
Gold

Re: QOS with miltple security contexts

i don't think you can use both policing and priority at the same time.

according to cisco doc, "You cannot enable both priority queuing and policing together. In other words, only packets with normal priority can be policed; packets with high priority are not policed."

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080450b9a.html#wp1045016

New Member

Re: QOS with miltple security contexts

I thought that also, however, when the firewall is converted back to a single context mode I am able to complete the command with now errors.

Could it be that I should not be able to complete the command in single context mode? Possibly a bug?

Gold

Re: QOS with miltple security contexts

i was trying to think the reason why it wouldn't work with multiple context. one possibility is that the command doesn't work with a shared physical interface.

to verify, reduce the context down to 2 or 3. try not to share the same physical interface (i.e. one interface is dedicated to one context).

New Member

Re: QOS with miltple security contexts

I think you may be onto something there. The QOS policy is applied to the interface and it may not understand what to do with it if one context has QOS and one does not. I will try reducing the context and see what happens.

Thanks

Gold

Re: QOS with miltple security contexts

just wondering how you go.

New Member

Re: QOS with miltple security contexts

QoS in not supported under multiple security contexts.

121
Views
0
Helpful
6
Replies
CreatePlease to create content