QoS preclassify command

If I do QoS on a tunnel that is using IPsec, does the pre-classify command go on the tunnel interface or in the policy?

Here is the config that I received and I noticed they have it in 2 places.

Thank you

Lisa G

crypto map CRX0 10 ipsec-isakmp

description of ATL - CRX - 7206 router A

set peer 65.199.221.97

set transform-set TSI

match address CUSTNAME-ATLCRX

qos pre-classify

interface Tunnel1

description Tunnel WILL in Atlanta

ip address TUNNEL1_IPADDR_toATL 255.255.255.252

ip mtu 1440

qos pre-classify

I don't know if you *need* it in both places, but our configs *use* it in both places.

HTH

Paul

Tags: Cisco Security

Similar Questions

  • QoS LAN - how to say switchport reassign CoS value to mixt?

    Hi all

    There is a command issued on the switchport which tells a Cisco IP Phone to trust the CoS of a station connected to the access port of the phone, but to change the tag to a CoS value of your choice. Example:

    mls qos trust cos

    switchport priority extend cos 3

    What I have, however, is a station with important data traffic that is only able to send traffic on CoS 0, and no voice/phone.

    So I want to tell the switchport to assign a CoS value of 3 to traffic from the stand-alone PC station.

    Is there an IOS command that makes this possible without going through a Cisco IP Phone between the port and the PC station?

    Hi Dean,

    Specifically, if the mls qos cos 3 command is ineffective for IP packets  and the port is configured to trust dscp, then how would an  administrator set the desired DSCP priority level for those packets  he/she wants?

    What you're asking here contradicts itself. Trusting the DSCP means "the DSCP value is good and requires no rewriting" - why would you want to override the DSCP value, then?

    Note that even for mls qos trust cos, the mls qos cos command applies only to those frames that have no CoS field present because the 802.1Q VLAN tag is missing. If the frame has a CoS field, the mls qos cos command does not apply. With mls qos trust dscp, a similar mls qos dscp command makes no sense: each IP packet has a DSCP field in its header, and non-IP packets have no DSCP whatsoever.

    However, there is a way to actually classify and possibly rewrite the DSCP values in a more precise way by using the class-maps and policy-maps used in the service-policy interface command. This command can be used instead of the mls qos trust command and performs more thorough, more elaborate classification and rewriting of the DSCP value. See:

    http://www.Cisco.com/en/us/docs/switches/LAN/catalyst3560/software/release/15.0_2_se/command/reference/cli2.html#wp6193114

    Best regards

    Peter

  • Command switchport mode access

    Hello

    I was curious about the switchport mode access command and its interoperability with the switchport voice vlan command.

    If I set up a switchport with the switchport mode access command, will that make it impossible for the switchport to create a special-case trunk with the IP phone? Even if I set up switchport voice vlan?

    And if so, should the port be configured as switchport mode dynamic auto? Or desirable?

    Thank you, Pat

    Pat, you can configure a port as an access port, add the voice vlan configuration and connect a phone and another device. The trunk will form. With "voice vlan", Cisco obscures the fact that it forms a trunk. I don't necessarily agree with this strategy, and it wasn't always this way. I remember configuring phones on a 3500XL, and the ports were configured as trunks.

    You made me think, so I issued a few commands on a WS-C3560V2-48PS-S running IOS 12.2(58)SE2 which has 12 phones connected to it.

    Here is the config for a port that has a connected phone:

    Switch#sho run int f0/2
    Building configuration...

    Current configuration: 475 bytes
    !
    interface FastEthernet0/2
     switchport access vlan 11
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 11
     switchport trunk allowed vlan 2,10-19
     switchport mode access
     switchport nonegotiate
     switchport voice vlan 12
     srr-queue bandwidth share 1 30 35 5
     priority-queue out
     mls qos trust device cisco-phone
     mls qos trust cos
     auto qos voip cisco-phone
     no mdix auto
     spanning-tree portfast
     service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
    end

    If I show the trunk status for an individual port, IOS recognizes that the port with the attached telephone is actually a trunk:

    Switch#sho int f0/2 trunk

    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/2       off          802.1q         not-trunking  11

    Port        Vlans allowed on trunk
    Fa0/2       11-12

    Port        Vlans allowed and active in management domain
    Fa0/2       11-12

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/2       11-12

    However, if I do a "sho int trunk" to display all the trunk ports on the switch, IOS does not include the telephone ports in the output.

    Switch#sho int trunk

    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/45      on           802.1q         trunking      12
    Fa0/46      on           802.1q         trunking      12
    Gi0/1       on           802.1q         trunking      11
    Gi0/2       on           802.1q         trunking      11

    Port        Vlans allowed on trunk
    Fa0/45      2,10-19
    Fa0/46      2,10-19
    Gi0/1       2,10-19
    Gi0/2       2,10-19

    Port        Vlans allowed and active in management domain
    Fa0/45      2,11-13,16-17
    Fa0/46      2,11-13,16-17
    Gi0/1       2,11-13,16-17
    Gi0/2       2,11-13,16-17

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/45      2,11-13,16-17
    Fa0/46      2,11-13,16-17
    Gi0/1       2,11-13,16-17
    Gi0/2       2,11-13,16-17

    So on the one hand IOS says "Yes, it is a trunk" and on the other hand it says "Nope, no trunks here!" Also notice that "spanning-tree portfast" is configured on f0/2, not "spanning-tree portfast trunk". PortFast is still active on this port.

    Switch#sho span int f0/2 portfast

    VLAN0011 enabled

    VLAN0012 enabled

    Conversely, on port 45 we have a VG-224 connected, and it is configured with "switchport mode trunk" and "spanning-tree portfast trunk". If I change that to just "spanning-tree portfast" we see this:

    Switch#sho span int f0/45 portfast

    VLAN0002 disabled

    VLAN0011 disabled

    VLAN0012 disabled

    VLAN0013 disabled

    VLAN0016 disabled

    VLAN0017 disabled

    Cisco has confused the issue here. I would prefer if we called a trunk, a trunk, but for some reason, they do not.

    See you soon,.

    -Jeff

    ---

    Posted by Jeff Davis of the Cisco support community App WebUser

  • Command not accepted on switch 3750 WCCP

    Hello

    I'm trying to configure WCCP redirection using L2 forwarding on a 3750 stack, but the 'ip wccp web-cache' command is not accepted.

    Can you please help?

     Stack_3750X(config)#ip wccp
                             ^
     % Invalid input detected at '^' marker.

    Using version 15.0:

     Stack_3750X#sh ver
     Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)

    SDM prefer routing is active.

     Stack_3750X#sh sdm prefer
     The current template is "desktop routing" template.
     The selected template optimizes the resources in
     the switch to support this level of features for
     8 routed interfaces and 1024 VLANs.
       number of unicast mac addresses: 3K
       number of IPv4 IGMP groups + multicast routes: 1K
       number of IPv4 unicast routes: 10.875k
       number of directly-connected IPv4 hosts: 3K
       number of indirect IPv4 routes: 7.875k
       number of IPv6 multicast groups: 64
       number of IPv6 unicast routes: 32
       number of directly-connected IPv6 addresses: 0
       number of indirect IPv6 unicast routes: 32
       number of IPv4 policy based routing aces: 0.5K
       number of IPv4/MAC qos aces: 0.375k
       number of IPv4/MAC security aces: 0.875k
       number of IPv6 policy based routing aces: 0
       number of IPv6 qos aces: 0
       number of IPv6 security aces: 58

    Here is the license:

     Stack_3750X#sh license
     Index 1 Feature: ipservices
       Period left: Life time
       License Type: PermanentRightToUse
       License State: Active, Not in Use, EULA not accepted
       License Priority: None
       License Count: Non-Counted
     Index 2 Feature: ipbase
       Period left: Life time
       License Type: Permanent
       License State: Active, In Use
       License Priority: Medium
       License Count: Non-Counted
     Index 3 Feature: lanbase
       Period left: 0 minute 0 second

    Hi, ipbase doesn't support WCCP; you need an ipservices or advanced license.

    http://www.Cisco.com/c/en/us/support/docs/Security/Web-security-appliance/118006-configure-WCCP-00.html

    Mark

  • Issue of QoS

    I don't know if this can be done without a lot of manual configuration.

    I have a router (an ISR 2921 running 15.4(3)M3) which is connected to other ISR routers (2921s running 15.4(3)M3 and 4451-Xs running 15.4(3)S3) using DMVPNs. The DMVPN tunnel could be over several different-speed transports, from satellite links with a bandwidth of 0.5 Mbps to Web links operating at a much higher speed. I am trying to run QoS between two routers. Right now, the problem I face is that I can apply only one output service-policy to the interface, so if I have several different-speed links, I can only shape QoS traffic for the slowest speed. What I want to do is to have QoS use a different policy based on the subnet. I think that I would need to have a single policy-map with a whole lot of match access-group statements in it, corresponding to ACLs based on the subnet of each device. Just to complicate this, there are several tunnels inside the router.

    Thanks in advance for any ideas!

    Quick drawing:

    Disclaimer

    The author of this announcement offers the information in this publication without compensation and with the understanding of the reader that there is no implicit or explicit adequacy or adaptation to any purpose. Information provided is for information purposes only and should not be interpreted as making the professional advice of any kind. Use information from this announcement is only at risk of the reader.

    RESPONSIBILITY

    Any author will be responsible for any whatsoever of damage and interest (including, without limitation, damages for loss of use, data or profits) arising out of the use or inability to use the information in the view even if author has been advised of the possibility of such damages.

    Poster

    I don't remember the actual command, although probably it is one of the commands of the PNDH.

    No, the policy applies to traffic on the hub that is going to the specific spoke.

    For spoke-to-hub traffic, you can manage QoS 'normally'.

    BTW, in one of the later versions of IOS, DMVPN also supports dynamic shaping (that is, it responds to end-to-end congestion), which could work in either direction.

  • Enabling QoS on the router

    Hello
    I am pretty new to QoS at layer 3, so let me know if I'm missing something or if there is a simpler/better way to do this. I have a standard Cisco c881 on my provider's MPLS network and I'm trying to do QoS from the router at location 1 to the router at location 2.
    I'm tagging 3 types of traffic to give priority and reserved bandwidth to some and shape the others. I mark with access-lists: VoIP, important traffic 1 based on ports, and traffic 2 based on ports. I have created the class-maps matching those access lists, then the policy-maps on these classes, and that's where it gets blurry.

    AS FAR AS I KNOW:
    (1) I must apply the marking policy-map on the input of my local LAN and the policing on the output of my outside interface?
    (2) QoS applies when there is congestion on the network?
    (3) Of all the types of QoS marking, do you have to choose one, or can you mix them? I'm confused between DSCP and IP precedence; which is best?
    (4) After all this, don't I still have to configure the interface with fair-queue, or am I good simply with policing on the interface?

    * I have no control over the provider's on the MPLS router and I do not have a managed switch

    Thank you for everything I want to know if I'm in the right direction.

    OK, quite a general question you asked, but I'll try my best to answer it for you. Yes, you must mark your packets; you can do this inbound on the LAN interface, which works perfectly. Mark using IP prec (0-7) or DSCP (https://www.tucny.com/Home/dscp-tos). This link will give you the numbers for both the DSCP and IP prec markings in decimal form and by class name. Personally, if you are a beginner to QoS, I think just using IP prec is much simpler.

    With IP prec you can skip classes 6 & 7, which are for control and routing protocols that are (dependent on platform of course) marked by the router automatically and must be preferred. Class 5 is usually used for voice traffic, 4 for video, 1-3 for data traffic according to its importance and 0 for best-effort traffic.

    So the first step is to decide what you want to mark to what levels. Create ACLs or similar to match the traffic you want to match, then mark this traffic with the IP prec.

    Then on the outbound queue to the provider you want to prioritize. So if you have voice traffic and you marked it IP prec 5 (exp its often called), then usually you would set up a low-latency queue to ensure that traffic always has priority over all others and is sent immediately, the reason being to reduce jitter, which causes major problems for voice packets. You do this by using the priority command. Be careful with this command, as the bandwidth that you put in after the priority statement is also a policer at that number. Then in the other class-maps you match other IP precedence numbers and use 'bandwidth' statements to give them specific levels of bandwidth. These are not policers, but packets matching these statements are less preferred than those matching the "priority" queue.

    As below:

    http://www.Cisco.com/c/en/us/support/docs/quality-of-service-QoS/QoS-PAC...

    This part is more complex and may not be necessary depending on what you do, but you can do some parent-child shaping at this point as well. Some people will create a parent policy-map that calls the previous policy-map in it and shapes to the EIF of the circuit you have from the ISP. This helps avoid maxing out the link and deals better with bursty traffic profiles than a policer alone. Or you can just put policers in your class-maps rather than "bandwidth" statements if you know what each class requires.

    Finally, and probably the hardest part as it might involve talking to your access provider, make sure that they carry your markings through their core to your other sites. If they do, you should be able to create a policy-map on your other sites inbound on the WAN matching the different IP precedence markings. You can then send test traffic and you should see the policy-map stats for the traffic on the corresponding end if the ISP honors your markings. Most do so.

    Hope that covers everything you need, please rate answer.
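The IP precedence and DSCP markings discussed in the answer above occupy the same byte of the IPv4 header, so a capture taken at the far end can be decoded to confirm that markings survived the provider. The following is an added example, not part of the original post: a Python sketch that decodes that byte from raw IPv4 headers and reports flows whose marking differs from what was configured. The function names, flow labels and sample headers are constructed for illustration.

```python
import socket
import struct


def dscp_name(dscp):
    """Name a 6-bit DSCP value: CSx = 8x, AFxy = 8x + 2y, EF = 46."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field (0-63)")
    if dscp == 46:
        return "EF"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return "CS%d" % cls          # CS0 is best effort
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return "AF%d%d" % (cls, low >> 1)
    return "DSCP%d" % dscp           # non-standard code point


def decode_marking(header):
    """Extract the QoS marking from the start of a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = header[0] >> 4, header[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    tos = header[1]                  # DSCP is the top 6 bits, ECN the low 2
    dscp = tos >> 2
    return {
        "tos": tos,
        "dscp": dscp,
        "name": dscp_name(dscp),
        "ip_prec": tos >> 5,         # legacy IP precedence: top 3 bits
        "ecn": tos & 0b11,
    }


def make_header(dscp, src="192.0.2.10", dst="198.51.100.20"):
    """Constructed 20-byte IPv4 header for the demo (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def audit(capture, expected):
    """Return (flow, expected name, observed name) for every re-marked flow."""
    mismatches = []
    for flow, header in capture.items():
        observed = decode_marking(header)["dscp"]
        if observed != expected[flow]:
            mismatches.append((flow, dscp_name(expected[flow]), dscp_name(observed)))
    return mismatches


# Constructed sample: what was configured versus what the far-end capture shows.
EXPECTED = {"voice": 46, "video": 34, "signalling": 26}
SAMPLE_CAPTURE = {
    "voice": make_header(46),
    "video": make_header(0),         # marking lost somewhere along the path
    "signalling": make_header(26),
}

if __name__ == "__main__":
    for flow, header in SAMPLE_CAPTURE.items():
        print(flow, decode_marking(header))
    print("re-marked:", audit(SAMPLE_CAPTURE, EXPECTED))
```
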

  • 3560 form/sharing of bandwidth QoS SRR

    I have the following Setup

    Core stack (3750) - distribution stack (3750) - access switches (3560).

    I want to implement srr-queue bandwidth shape/share on the interfaces.

    My question is

    1 - On which interfaces should I implement the command, and on which boxes?

    Hi Asus,

    Here's my recommendation & given you some post as well to understand the logic behind it for reference.

    Switch-Switch: Trust DSCP

    Switch-AP: Trust DSCP (if APs are local mode & switch port is configured as access ports)

    Switch-AP: Trust CoS (if your APs are in local switching FlexConnect mode & switch port is configured as a Trunk Port)

    http://mrncciew.com/2013/07/23/QoS-for-h-reap/

    Also look at the below as well.

    Switch - VoIP: Trust CoS (with trust cisco-phone device)

    http://mrncciew.com/2013/07/26/VoIP-phone-switchport-config/

    Switch - WLC: Trust CoS

    http://mrncciew.com/2013/02/24/best-practice-QoS-config/

    SRR commands must be configured on all interfaces with the priority queue if you want to do voice traffic prioritization (DSCP EF traffic).

    http://mrncciew.com/2012/11/26/375035602960-wired-QoS/

    Take note that the QoS commands are hardware specific & always refer to the specific product configuration guide during setup.

    HTH

    Rasika

    *Pls rate all useful responses.*

  • bandwidth and QOS

    Hi guys,.

    I have a 20 Mbps leased line between two offices, and it connects two Cisco C4507R switches. I have configured QoS on the two switches, and I know QoS will take effect when network congestion occurs. But the ports that connect to the leased line show 100 Mbps on the switch. So I configured the 'bandwidth 20480' command on the ports. Will this help activate QoS when the network traffic is up to 20 Mbps?

    My commands under the interface:

    interface GigabitEthernet1/38

    no switchport
    bandwidth 20480
    ip address 10.81.16.4 255.255.255.248
    service-policy output QOS-SH

    Poster

    Your 4500 QoS will only engage when the interface congests.

    What you need is a shaper with QoS support that can match your provider's bandwidth.

    Unfortunately, this is not a feature of the 4500 series.

  • SG-300 QoS Cisco on SNMP statistics

    Hello.

    I would like to monitor QoS statistics on my Cisco SG-300 switches via SNMP.

    I found the QoS statistics configuration page where I could set up two counters.

    Now, I have two questions:

    (1) How do I read the QoS statistics counters over SNMP?

    (2) Can I get distinct QoS statistics for each single port, or are QoS statistics limited to only these two counters?

    OK, bumping this thread... It worked subsequently in this manner:

    • Download Managed Switch MIB - 1.4.0, available here
    • If you have Linux, extract and put all the files in the /usr/share/snmp/mibs/ directory
    • Now you'll be able to get all the desired stats by yourself using snmpwalk
    • Here is the list of all the available QoS-related MIB variables:

    rlQosAceTidxTable
    rlQosAclTable
    rlQosAggregatePolicerStatisticsTable
    rlQoSApplicationDefaultAction
    rlQosClassifierRulesNumberUtilizationSystem
    rlQosClassifierUtilizationSystem
    rlQosClassifierUtilizationTable
    rlQosClassMapTable
    rlQosClearCounters
    rlQosCosQueueDefaultMapTable
    rlQosCosQueueTable
    rlQosDscpMutationTable
    rlQosDscpQueueDefaultMapTable
    rlQosDscpQueueTable
    rlQosDscpRemarkTable
    rlQosDscpToDpTable
    rlQosEfManageTable
    rlQosFreeIndexesTable
    rlQosIfPolicyTable
    rlQosIfProfileCfgTable
    rlQosMaxNumOfAce
    rlQosMibVersion
    rlQosModeGlobalCfgTable
    rlQosNamesToIndexesTable
    rlQosOutQueueStatisticsTable
    rlQosPolicerTable
    rlQosPolicyClassPriorityRefTable
    rlQosPolicyClassRefTable
    rlQosPolicyMapTable
    rlQosPortToProfileMappingTable
    rlQosQueueProfileTable
    rlQosQueueShapeProfileTable
    rlQosSinglePolicerStatisticsTable
    rlQosTupleTable

    • and you can extract data using the snmpwalk command (you must have installed the net-snmp package):

     snmpwalk -v 2c -c CommunitySecret X.X.X.X MIBvariable

    where:

    • CommunitySecret is the Readonly or Readwrite community string, you have defined on the switch
    • Where X.X.X.X is your IP of the switch management
    • MIBvariable is your MIB variable name selected in the list above.
  • Need command to list connections WiFi currently active

    I have an active 800 series with WiFi SOHO router. I'm having a hard time coming up with a simple command that will produce a list of WiFi connections current/active to the end user of a given network SSID.

    The query I want to do is "show me the list of mac addresses and class/type/speed of the connection for all active connections to the network TESTWIFI.

    Could someone help me with a quick one-liner?

    Thank you

    Jason

    As far as I know, there is no single command that displays this information. To list MAC addresses, use show dot11 associations. For the use of QoS see map class.

  • Setup QOS SG300 - 28 p

    Hi all. I tried to configure my SG300-28P like my 2960S, using the following commands:

    conf t

    int range gi1-28

    auto qos voip cisco-phone

    But there is no such command that I can find on the SG300. Is anyone familiar with a similar command? Or is QoS a completely manual process on the SG300?

    I'm on the 1.3.7.18 firmware version

    Hi Ksuchewie,

    There is no auto qos in Cisco small business switches. This is a feature of routers, Catalyst and enterprise. The Cisco small business switch voice vlan by default uses DSCP 46 and CoS 5.

    This means DSCP 46 is EF.

    My advice: replace DSCP with 26 so it will match AF31, low drop. Also I'd leave CoS at 5.

    I'll give you an example of how to configure QoS voice vlan on a small business switch.

    My example is DATA vlan 1 and VoIP vlan 100.

    quick order

    config t

    voice vlan id 100

    voice vlan cos 5

    voice vlan dscp 26

    wr mem

    Thank you

    Ministry of health

  • Another issue of queues DSCP/QoS/CoS of 6500/7600

    OK... a little confused; I think that I know what needs to happen, and what is happening now, but there is real uncertainty that I hope people can help with. Here is the basic configuration:

    A---|6500|--10G--|7604|---10G---|7604|---10G---|6500|---B

    You get the point. Traffic crossing A->B or vice versa.

    All the core links are L3/routed, not L2/VLAN/.1q/ISL.

    Traffic is marked at the edge with an ingress policy-map.

    Traffic is confirmed via SPAN to contain both CoS and DSCP/ToS, leaving the 6500s in both directions headed to the 7600 core.

    Traffic is ALSO confirmed via SPAN *ingress* on the other side by the 6500: DSCP is maintained but CoS is gone/0.

    Considering that apparently only the 6708-10G modules allow DSCP values to be mapped to queues/thresholds, that leaves me looking at queuing on ingress (for VoIP traffic priority) with cos-to-queue/threshold mapping, as well as on egress with cos-to-queue mappings. Of course, this is not possible (at least on ingress) if the 7600s are not preserving the CoS on egress from the port.

    This leaves me wondering if the 7600s are even queuing egress traffic based on the internal DSCP-to-CoS mapping that is supposed to happen before the queue/scheduler. Interfaces are all set up as "trust dscp" right now. So per the Cisco docs it should be rewriting CoS to 0 on ingress and using the trusted DSCP values to determine the internal DSCP, which in turn should be used with the DSCP-CoS map for appropriate queuing on egress... I am skeptical about what really happens... and unfortunately, I really have no way to verify (that I know of) because the show commands on the 6500/7600 are fairly primitive about QoS stats...

    Then we have been rethinking it, and thought that maybe the thing to do to solve this problem is to:

    - trust cos instead of dscp

    - enable dscp transparency (no dscp rewrite) so it is kept on the egress side of the switch

    And so by doing this it would:

    - use CoS for ingress queuing

    - use CoS for egress queuing

    - and preserve the original CoS and DSCP/ToS values

    Would that be correct?

    Two other config options I thought of were:

    - queuing-only mode

    - mpls propagate-cos (although I don't think that would do what I want, but rather simply propagate non-existent MPLS EXP bits)

    Any help would be greatly appreciated... I read so many different docs now, my head is swimming

    Couple of caveats-

    (1) All of the below applies to pre-IOS 15, as I have no experience with where it may be different.

    (2) I have not used a 7600, but I have used the 6500 a lot, and both share a large number of linecards and I suspect you're referring to this kind of linecard.

    The main problem is that the CoS value is contained in the 802.1Q tag added to non-native VLANs on a trunk link. But your links are L3, so there is no CoS value to preserve.

    This creates two problems for you -

    (1) Input queues. On ingress, the queues are CoS based, which means you need a CoS value to assign packets to queues. On the 7600s you're obviously not seeing a CoS value for the reason explained. Now, you can use a policy-map and a service-policy to classify and mark inbound traffic. But, as far as I know, you can only set the IP precedence or DSCP marking in a policy-map on ingress traffic. Some cards like cards ARE for the 7600 support defining a CoS value but I think they are the exception rather than the norm.

    (2) Output queues. You are right in what you say, i.e. you can trust the incoming DSCP/IPP value and then, assuming that the line card doesn't support DSCP-based output queuing, the 7600 may derive a CoS value based on the internal DSCP value and then put the packet in the correct output queue.

    Yet again, however, without a trunk there is no CoS value written in the packet.

    I entirely agree that it can be very difficult to tell exactly what the 6500 does in terms of internal marking etc. This is one of the great frustrations with the 6500.

    Hope some of that helped.

    Edit - the only way that you can trust CoS on ingress, as far as I can see, is to make the links trunks, i.e. you use a dedicated vlan for each interconnection and allow only that vlan on the link. Then you simply move the IP addresses assigned to the physical ports to the SVI for the new VLAN on each switch. You should make sure that the vlan that you allowed across the link is not the native vlan, because you need a tag to be added.

    Jon

  • QoS MX200 settings do not mark the packages

    I'm trying to set QoS values on an MX200 endpoint to AF41 (decimal 34) for audio and video packets. I entered the values in the GUI and it saved OK. A sniffer trace shows packets still marked as Best Effort, DSCP = 0. I have tried a reboot of the system in the maintenance tab, but no help. The command line appears to show the correct values:

    *c xConfiguration Network 1 QoS Mode: Diffserv

    *c xConfiguration Network 1 QoS Diffserv Audio: 34

    *c xConfiguration Network 1 QoS Diffserv Data: 22

    *c xConfiguration Network 1 QoS Diffserv Signalling: 26

    *c xConfiguration Network 1 QoS Diffserv Video: 34

    Software version: TC5.1.0.280662

    Someone has experienced this problem?

    TJP

    Paul Anholt says:

    Have you verified that the switchport is trusting DSCP?

    That's where I'd look first; a switch that has QoS active, but is not configured to trust DSCP on the codec port, re-marks all the packets as DSCP 0.

  • Newbie question ASA QoS

    Forgive the probably simple question, but is QoS applied only when an interface is maxed out and congested? I set up policing of traffic for a single IP address, limiting it to 384 KB of bandwidth with only a T-1 connected. It does not "kick in" and limit under normal traffic, so I think that QoS does not matter as long as best effort is not bumping against the maximum speed of the line?

    I hope that I wrote that correctly! Thank you!

    Steve

    cool... so try to run DSL speed test now on any of your internal hosts and see the fun... :-)

    Yes, you are right... If you exceed 384 Kbps... the FW will reset the connection or drop your request.

    Have you configured it globally or only on your inside interface?

    Other commands that would help are

    (config)# sh service-policy global

    (config)# sh service-policy police

    ASA5510-Single(config)# sh service-policy

    Global policy:
      Service-policy: global
        Class-map: MyClass
          Inspect: pptp, packet 0, drop 0, reset-drop 0
        Class-map: global-class
          Inspect: icmp error, packet 0, drop 0, reset-drop 0
          Inspect: pptp, packet 0, drop 0, reset-drop 0
          Inspect: rtsp, packet 0, drop 0, reset-drop 0
          Inspect: http, packet 0, drop 0, reset-drop 0
          Inspect: icmp, packet 0, drop 0, reset-drop 0
          Inspect: ftp, packet 0, drop 0, reset-drop 0
          Inspect: dns, packet 0, drop 0, reset-drop 0
        Class-map: telnet
          Set connection policy:
          Set connection timeout policy:
            tcp 24:00:00
        Class-map: IPS-CLASS
          IPS: card status Up, mode inline rescue
            packet input 0, packet output 0, drop 0, reset-drop 0

    ASA5510-Single(config)#

  • QOS - match flow ip destination-address

    I need someone to help me understand something. I have read several sources and they seem to indicate that this command has changed between ASA versions, so now I have no idea if it works the way I think.

    I use QoS on ASA tunnels - code level 8.2.5. I have a class only for tunnel packets and I want to police (pulsations) packets per tunnel - not per individual flow in the tunneled data. From what I understand, this command will not do this. For example, if I have five users in the tunnel all sending a lot of data, each to its own unique destination address, with an output police of 10 MB, I think I could actually have 50 MB going through the tunnel at the same time. Is this correct?

    I think I need to get rid of this command and use a match access-list where the sources and destinations are the subnets of the VPN sites that go through this tunnel. This way I police all the packets in the tunnel to the limit. Is this reasoning correct? Thank you.

    Hello

    Exactly.

    Actually, starting from 8.2.1 it is NEEDED to have this keyword when using match tunnel-group and police, and YES, it will not match individual flows.

    Note all useful posts!

    Kind regards

    Jcarvaja

    Follow me on http://laguiadelnetworking.com
