Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

QoS policy on WAN routers, GRE encapsulation

Our WAN routers have a basic QoS policy that is prioritizing Voice, Video and some data.

The policy is applied outbound on the serial interface in all branches and hub sites, and is matched by access-list.

We have WAN accelerators sitting behind the routers configured in bridge mode between the switch and routers. The WAN accelerators encapsulate any optimized traffic in a GRE tunnel from end to end. There is no GRE config or tunnel interfaces on the router.

The policy does not seem to be getting applied to the optimized traffic in the tunnel. It seems it would be matching by acl regardless of how the traffic is encapsulated, am I wrong?

Hall of Fame Super Silver

QoS policy on WAN routers, GRE encapsulation

Hello Andrew,

if GRE tunnels are between the WAN accelerators the routes see only the GRE traffic

this scenario is quite different from the one where the GRE tunnels are defined on the routers themselves.

All you can do on routers is to match based on ip addresses used by accelerators + ip precedence and the WAN accelerators should do the marking job.

a line like

access-list 101 permit gre host local-wan-acc host remote-wan-acc

should match outbound

to be noted routers by default copy IP precedence bits on the external header by default you should verify what the WAN accelerators do

so you would need an ACL like

access-list 102 permit gre host local-wan-acc host remote-wan-acc precedence

one ACL for each traffic class


you have written bridge mode I supposed towards the switch with the GRE tunnel used to send traffic to remote.

Hope to help