How to configure and apply priority queuing

Hi,

I am used to configuring priority queuing using the priority-list and priority-group command but notice this is no longer available in the latest IOS's and it is now necessary to use Modular quality of service commands(MQC): I would like to prioritise telnet traffic, travelling via a VPN, destined for a specific IP address in the old term high queue and then SQL traffic, travelling via the same VPN, destined for a specific IP address in the old term medium queue.

I have figured out how to configure this, using the following articles as reference: http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/15-3_2_S/configuration/guide/3800x3600xscg/swmultilevel_pq.pdf; http://www.cisco.com/c/en/us/td/docs/ios/qos/configuration/guide/15_1/qos_15_1_book/qos_mqc.pdf but have an issue in applying the configuration to an appropriate adapter. I'll explain:

This is the current QOS configuration;

access-list 101 permit tcp 192.168.2.0 0.0.0.255 host 200.100.1.17 eq telnet
access-list 101 permit tcp 192.168.2.0 0.0.0.255 host 200.100.1.28 eq telnet
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 200.100.1.18 eq 1433
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 200.100.1.27 eq 1444

class-map match-all cbs_traffic
match access-group 101
match any
class-map match-all sql_traffic
match access-group 102
match any
!
policy-map priority
description cbs and sql priority traffic
class cbs_traffic
  priority level 1
class sql_traffic
  priority level 2

When I try and apply it to the GigabitEthernet0/0 interface connected to the local LAN, which has an IP address of 192.168.2.2, I receive the following error:

3925(config-if)#service-policy input priority
Priority command not allowed at parent level in input direction

The router is connected to Fibre via the outside GigabitEthernet0/2 interface and can successfully apply this as a “service-policy output priority” command but this is no use to me, as all the traffic is encrypted before it leaves the interface, so it cannot distinguish the traffic: This being the case, it can only be classified on GigabitEthernet0/0, before it is encrypted.

How can I get this to work and achieve the prioritisation I require? Any assistance will be appreciated!

Regards,
Gavin
Gavin75Asked:
Who is Participating?
 
Alex BaharConnect With a Mentor Commented:
Hi Gavin,

First of all, I would refrain from using the name "priority" . It is a reserved keyword.

Priority queue can only be applied in the egress direction (sent packets) because you cannot control the queuing for the packets already received. Ingress traffic is FIFO..

For applying QoS to encrypted tunnels, sometimes it is possible to "pre classify" traffic. That's classifying the traffic before it is encrypted and sent into the tunnel.

I hope this helps.

Alex
1
 
Gavin75Author Commented:
Hi Alex,

Apologies for the later reply but you were correct in that I ended up having to pre-classify the traffic with some assistance from TAC.

Regards,
Gavin
0
 
Gavin75Author Commented:
The solution provided by abahar was after a solution had been found but the pre classify comment was correct but not enough detail to be an A
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.