Cisco Support Community
Community Member

Help me with priority queueing please

Hello folks,

I have a site utilizing an Internet T1 for bot internet traffic and inter site VPN between this location and home office. I am ordering additional T1 to address this bandwidth concern but until then I have a little problem. i could muster through the command reference to figure this out but I'd rather tickle your genius becuase this is a production environment and time is against me. (okay, I'm lazy - LOL)

My interfaces on my 2691 router are fa0/1 (inside LAN, serial1/0 (Internet) and a GRE such as Tunnel20)

What I would like to do is give any traffic destined for my GRE Tunnel 20 (which is encapsulated in IPSEC) high priority over any other traffic.

Please tell me what you are doing in this case, kindly




Re: Help me with priority queueing please

it would be better if you supplied a config of your router but from what you have told me something like the following should suffice. It is configured to give 60% of BW to IPSec which you may want to adjust. The policy map should be applied to the outbound serial interface using "service-policy output" command.

class-map match-all IPSec

match protocol ipsec

policy-map TEST

class IPsec

priority percent 60

class class-default


Community Member

Re: Help me with priority queueing please

This is what I have now but I don't think this is working.

crypto map SERIAL10 51 ipsec-isakmp

set peer x.x.x.x

set transform-set ESP_3DES-ESP_SHA_HMAC

set pfs group2

match address 111


interface Loopback0

ip address


interface Loopback10

ip address 111.222.333.444 secondary

ip address


interface Tunnel1234

description GRE tunnel to CANCUN Loopback 0

ip address

ip mtu 1540

bandwidth 1536

tunnel source Loopback0

tunnel destination

crypto map SERIAL10

interface FastEthernet0/1

description Connection to LAN

ip address

ip nat inside

duplex full

speed 100

interface Serial1/0

description Connected Internet

bandwidth 1536

no ip address

no ip redirects

no ip proxy-arp

encapsulation frame-relay IETF

no arp frame-relay

frame-relay lmi-type ansi


interface Serial1/0.10 point-to-point

bandwidth 1536

ip unnumbered Loopback10

ip access-group 120 in

ip nat outside

ip inspect FW out

frame-relay interface-dlci XXX IETF

crypto map SERIAL10

priority-group 1

priority-list 1 interface tunnel1234 high

Re: Help me with priority queueing please

Hi, I think my example aboue will work. have you tried it yet? The below example provides another example using access-lists to match esp traffic but the NBAR IPsec should match ESP and AH. Let me know if it works.

Community Member

Re: Help me with priority queueing please


Your example did work. However, I have tried this from aother angle which was the following, thanks for your help!

policy-map output

class encr-traffic

bandwidth 1024

class-map match-any encr-traffic

match access-group 122

interface Serial1/0

service-policy output output

access-list 122 permit gre any any

access-list 122 permit esp any any

CreatePlease to create content