I am used to configuring priority queuing using the priority-list and priority-group command but notice this is no longer available in the latest IOS's and it is now necessary to use Modular quality of service commands(MQC): I would like to prioritise telnet traffic, travelling via a VPN, destined for a specific IP address in the old term high queue and then SQL traffic, travelling via the same VPN, destined for a specific IP address in the old term medium queue.
I have figured out how to configure this, using the following articles as reference: http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/15-3_2_S/configuration/guide/3800x3600xscg/swmultilevel_pq.pdf
but have an issue in applying the configuration to an appropriate adapter. I'll explain:
This is the current QOS configuration;
access-list 101 permit tcp 192.168.2.0 0.0.0.255 host 126.96.36.199 eq telnet
access-list 101 permit tcp 192.168.2.0 0.0.0.255 host 188.8.131.52 eq telnet
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 184.108.40.206 eq 1433
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 220.127.116.11 eq 1444
class-map match-all cbs_traffic
match access-group 101
class-map match-all sql_traffic
match access-group 102
description cbs and sql priority traffic
priority level 1
priority level 2
When I try and apply it to the GigabitEthernet0/0 interface connected to the local LAN, which has an IP address of 192.168.2.2, I receive the following error:
licy input priority
Priority command not allowed at parent level in input direction
The router is connected to Fibre via the outside GigabitEthernet0/2 interface and can successfully apply this as a “service-policy output priority” command but this is no use to me, as all the traffic is encrypted before it leaves the interface, so it cannot distinguish the traffic: This being the case, it can only be classified on GigabitEthernet0/0, before it is encrypted.
How can I get this to work and achieve the prioritisation I require? Any assistance will be appreciated!