11-16-2013 08:50 AM
I have a few more questions regarding ASA and QOS - code level 8.2.5
Let's say I have the following...
class-map TG-NonVoice
 match access-list tg-traffic-acl
class-map TCP-Traffic
 match access-list tcp-traffic-acl
class-map TG-Voice
 match dscp ef
 match tunnel-group x.x.x.x
How do I know the pecking order of what the ASA uses to match a packet? Since a packet can only match one class-map, I created the access-list with deny statements to make sure the packet matches what I want. Example - for the access-list tcp-traffic-acl I did not want it to include tunneled traffic so I denied the tunnel traffic at the start of the access-list. Is this the correct procedure, since I did not know what order the ASA matches the packets to my access-lists for my class-maps? Is there some order? The TG-Voice gets priority in the policy map, so does it automatically get used for matching first???
Second example:
Let's say I have
class-map TG-NonVoice
 match flow ip destination-address
 match tunnel-group x.x.x.x
class-map TCP-traffic
 match access-list tcp-traffic-acl
class-map TG-Voice
 match dscp ef
 match tunnel-group x.x.x.x
Here I only have one access-list. How do I know the order used to match the packets?? If I do not want the tcp-traffic-acl to NOT include packets that could possibly match in the VPN tunnel do I put a deny at the start of the access-list for the VPN traffic to be safe? What would be the flow used by the ASA to determine if a packet matches a class-map rule since a packet would match multiples but from what I read it does not get included in others once it matches the first match. Understand?
Thanks
11-16-2013 10:36 AM
Hello,
I think this covers everything,
This is the best document I have found on the web regarding MPF.
So take a read
http://blog.ine.com/2009/04/19/understanding-modular-policy-framework/
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
11-17-2013 09:56 PM
Thanks!
Read the document and understood it but I will have to keep it handy since it will not stay in my head for a week or two. Very detailed but a few of the questioners had valid points to make. This answered all my questions and confirmed some of my thoughts.
I do not understand how Cisco can publish things and not fully explain how they work. I always have questions after I read a Cisco doc because they do not fully explain statements and half their examples are full of obvious errors. I sometimes wonder if the Cisco documentation writers understand what they are writing about.
THANKS!