prioritize traffic based on IP address

Posted on 2013-01-23
Last Modified: 2013-02-07
There was a similar question asked back in 2008 about prioritizing traffic on a Cisco router.

While my situation is very similar to the other question asked, I am curious how to prioritize traffic based on the IP address.

We have library management system traffic from various library branches to my central branch.  The library management system traffic is client/server based and consists of bursts of data to a specific set of IP addresses.  How can I configure the routers to give absolute priority to traffic based on the IP address of our servers?

I am trying to set up the router so that data from three IP addresses will have priority when being sent out to the clients.

I think that I will need to create a standard access list with the IP addresses of our library management systems, but I am not sure about the best way to get this accomplished.
Question by:MBisch

Expert Comment

by:Fred Marshall
ID: 38812631
It all depends on what features your router Quality of Service (QoS) capabilities offer.

By priority, do you mean absolute ordering or just priority in a more probabilistic sense?

If absolute ordering, how long do you wait before letting a packet go forward?  If there are two vying packets then maybe it's clear.  But what if there are no vying packets (yet)?  How long do you wait?  No matter how long you wait, there is always the possibility (even if small) that the higher priority device will finally yield an older packet to the router.  Maybe you can guarantee this can't happen.  How?
Or, do you ignore such niceties and let packets go as they arrive until there is a bit of conflict?  If there's a small bit of conflict, how much difference does that make in your scheme of things?  Or, do you buffer packets for a time and then let them go if there's no conflict of priorities?

Actually this assumes "age" is the measure.  Maybe the measure is really "real time arrival at the router".  Which is it?  If it's real time arrival at the router then what's the issue re: priorities?

I'd start out by playing around with the router's QoS features......

Expert Comment

ID: 38813238
You identify the IP address through matching against an ACL.

Check out this doc for the QoS part and classification

Assisted Solution

mat1458 earned 250 total points
ID: 38813291
You will use an extended IP access list since most communication is bidirectional (you don't want the ACKs to be delayed):

ip access-list extended ACL_LIBRARY_MANAGEMENT
permit ip host Server1 any
permit ip host Server2 any
permit ip host Server3 any
permit ip any host Server1
permit ip any host Server2
permit ip any host Server3

This way you can use the access-list (which is bound into a class-map, then policy-map, then service-policy) in both directions. You could build access-lists for each direction but with the small amount of statements you need it's not worth the work in my opinion.
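
The chain named in the answer above (access-list, class-map, policy-map, service-policy), written out as an added example that is not part of the original answer or thread. Assumptions: 192.0.2.10-12 are constructed stand-ins for Server1-3, `CM_LIBRARY`, `PM_WAN_OUT` and `Serial0/0` are hypothetical names, and the 50 percent figure is illustrative.

```cisco
! Added example, not from the thread. Hypothetical values are marked.
! 192.0.2.10-12 stand in for Server1-3 (documentation addresses, constructed).
ip access-list extended ACL_LIBRARY_MANAGEMENT
 permit ip host 192.0.2.10 any
 permit ip host 192.0.2.11 any
 permit ip host 192.0.2.12 any
 permit ip any host 192.0.2.10
 permit ip any host 192.0.2.11
 permit ip any host 192.0.2.12
!
! Class-map: every packet the ACL permits belongs to the library class.
class-map match-all CM_LIBRARY
 match access-group name ACL_LIBRARY_MANAGEMENT
!
! Policy-map: "priority" places the class in the strict-priority queue.
! The percentage (hypothetical: 50) is also the rate the class is held to
! when the link is congested, so it cannot starve all other traffic.
policy-map PM_WAN_OUT
 class CM_LIBRARY
  priority percent 50
 class class-default
  fair-queue
!
! Service-policy: queuing acts on egress, so attach it outbound on the
! WAN-facing interface (hypothetical name).
interface Serial0/0
 service-policy output PM_WAN_OUT
!
! Check per-class match and drop counters with:
!   show policy-map interface Serial0/0
```

Because the ACL matches the servers as both source and destination, the same block fits the central router (server-to-client traffic leaving toward the branches) and each branch router (client-to-server traffic, including ACKs, leaving toward the central site).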

Accepted Solution

Sandeep Gupta earned 250 total points
ID: 38813609
Like this: See LAST config part first:

class-map match-any CUSTOMER_EF
  match access-group name CUSTOMER_EF
class-map match-any CUSTOMER_AF3
  match access-group name CUSTOMER_AF3
class-map match-any CUSTOMER_AF2
  match access-group name CUSTOMER_AF2
class-map match-any EF_WAN
  match ip precedence 5
class-map match-any AF3_WAN
  match ip precedence 4
class-map match-any AF2_WAN
  match ip precedence 3
policy-map PREMIUM
  class EF_WAN
  class AF3_WAN
   bandwidth remaining percent <<put your desired BW% allocation ex:66>>
   queue-limit 272
   queue-limit precedence 4 150
  class AF2_WAN
   bandwidth remaining percent 21
   queue-limit 150
  class class-default
   bandwidth remaining percent 13
   queue-limit 150

policy-map LAN_IN
  class CUSTOMER_EF
!Suppose you want 5mb of traffic to be prioritized, then put the BW in bps i.e. 5000000
   police cir 5000000 bc 6000000
   conform-action set-prec-transmit 5
   conform-action set-cos-transmit 6
   exceed-action drop
  class CUSTOMER_AF3
   set cos 4
   set precedence 4
  class CUSTOMER_AF2
   set cos 3
   set precedence 3
  class class-default
   set cos 2
   set precedence 2
policy-map WAN_IN
  class CUSTOMER_EF
   police cir 5000000 bc 6000000
   conform-action set-prec-transmit 5
   conform-action set-cos-transmit 6
  class CUSTOMER_AF3
   set cos 4
   set precedence 4
  class CUSTOMER_AF2
   set cos 3
   set precedence 3
  class class-default
   set cos 2
   set precedence 2

policy-map WAN
  class class-default
    shape average <<PUT your desired BW allocation in bps. ex for 30mb put 30000000>>
    service-policy PREMIUM
policy-map LAN
  class class-default
    shape average 30000000
    service-policy PREMIUM


service-policy input WAN_IN
service-policy output WAN


service-policy input LAN_IN
service-policy output LAN

!in each class map you can define your desired IPs
!suppose your voip network is on and data network is then
!you can prioritize like this:

ip access-list extended CUSTOMER_AF2
permit ip any any precedence flash

ip access-list extended CUSTOMER_AF3
permit ip any any precedence flash-override
permit ip any any precedence internet
permit ip any any precedence network
permit ip any

ip access-list extended CUSTOMER_EF
permit ip any any precedence critical
permit ip 0.0.0..63 any
