Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WAN QOS setup

I am trying to configure QOS on a Cisco 861 router. The problem we are trying to solve is that when someone downloads a file from the internet it causes the RDP sessions that connect to an offsite server to slow down tremendously. I no very little about QOS but I think that this solution should be fairly simple.

The Goal:

I want to setup QOS so that all traffic going over the GRE Tunnel is prioritized over general internet traffic in particular large downloads.

Current setup:

The router has a T1 connection coming in on the WAN interface

It has an IPsec over GRE tunnel going to another site where a Windows Terminal server is hosted.

This is what i have so far. Am I heading in the right direction?

ip access-list extended WAN-QOS-ACL
permit gre any any

class-map match-any WAN-QOS-CM
match access-group name WAN-QOS-ACL

policy-map WAN-QOS-PM
class WAN-QOS-CM
priority 1024
class class-default

int fa0 (LAN interface)

service-policy input WAN-QOS-PM


WAN QOS setup

Yes you are good with the configs. But this won't work unless you specify qos pre-classify command under your tunnel interface. The reason behind that is, QoS policy is enforced only after the encapsulation happens.

So, do the below as an example

interface tunnel 0

ip address x.x.x.x

qos pre-classify

Hope this helps


New Member

WAN QOS setup

Thanks for the reply Vivek. I added the qos pre-classify command in but it is still not working for me. One thing I found too is that i cannot put the service-policy inbound on the internal LAN interface like i was hoping to do. When I try it gives me the error: "Low Latency Queueing feature not supported in input policy." I have tried applying it to both the WAN facing and LAN facing interfaces using the output command but as i expected this did not work. Does this router simply not support this method of QOS?

WAN QOS setup

I think i missed to see some important things. Apply the service policy on the outbound direction.

New Member

WAN QOS setup

It does not seem to work after having put it on the outbound interface. I have tried it on both the WAN and the LAN links. I don't know if it makes a difference but the LAN side is a Layer 2 interface and does not support layer three. I have it assigned to a VLAN that has an IP address assigned to it and acts as the default gateway address.

WAN QOS setup

Please provide me the model of cisco router you are on.

New Member

WAN QOS setup

it is an 861 ISR

WAN QOS setup

asking you lot of questions, sorry

1) What is the bandwidth of your internet link?

2) Is there a congestion noticed while downloading a huge file over internet?

You can apply the LLQ on the tunnel interface by creating a low level policy & applying then policy over a high level. You need to have a class based shaping configured though. Below is the config you may have to do

policy-map WAN-QOS-PM_CHILD  (child policy)

class WAN-QOS-CM

priority 1024


policy-map WAN-QOS-PM_PARENT   (Parent top level policy)
class class-default
  shape average 2000000   (depends on the bandwidth of your link - just a sample)
  service-policy WAN-QOS-PM_CHILD

interface Tunnel0
service-policy output WAN-QOS-PM_PARENT

You cannot apply your service policy on your LAN interface as it's Layer2. You will never get a match on your ACL on that interface so you need this to be applied on the tunnel interface in my opinion.

Hope this will help.


New Member

WAN QOS setup

The wan link is a T1 so 1536k.

There is very noticeable congestion when downloading files.

New Member

WAN QOS setup

i tried this configuration on my router with the shape average set to 150000 and i did not get any noticeable difference unfortunately.

While I was tinkering with the bandwidth command with the original configuration i was able to get some results but it was not as much as I was hoping for.

My test i have been using is downloading a file accross the tunnel and then starting an internet download. I typically will get a full 150KBPS download from the internet but when i use the bandwidth command and the original config I have been able to get it to lower the download rate from the internet to about 100KBPS. This was with bandwidth setting set to 1024. I also used a different access list for this that permitted the local IPs used within the LAN on both sides of the tunnel. I was expecting to see something more like a 50KBPS download from inet and 1024K reserved for my tunnel's use.

WAN QOS setup

Could you please post me the below outputs

show policy-map interface

Super Bronze

WAN QOS setup


The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.


If the congestion issue is inbound (to you) from Internet, it's very, very difficult to manage this kind of congestion without a special traffic shaping appliance (and even they can struggle) unless you can also manage the far side's egress.

I recommend for consideration two Internet links, one for "routine" Internet traffic and one for dedicated VPN tunnels running across the Internet.  With a Internet link dedicated to VPN, you can often achieve QoS results similar to dedicated links.

CreatePlease login to create content