Solved

How to configure and apply priority queuing

Posted on 2015-02-22
3
88 Views
Last Modified: 2016-03-01
Hi,

I am used to configuring priority queuing using the priority-list and priority-group command but notice this is no longer available in the latest IOS's and it is now necessary to use Modular quality of service commands(MQC): I would like to prioritise telnet traffic, travelling via a VPN, destined for a specific IP address in the old term high queue and then SQL traffic, travelling via the same VPN, destined for a specific IP address in the old term medium queue.

I have figured out how to configure this, using the following articles as reference: http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/15-3_2_S/configuration/guide/3800x3600xscg/swmultilevel_pq.pdf; http://www.cisco.com/c/en/us/td/docs/ios/qos/configuration/guide/15_1/qos_15_1_book/qos_mqc.pdf but have an issue in applying the configuration to an appropriate adapter. I'll explain:

This is the current QOS configuration;

access-list 101 permit tcp 192.168.2.0 0.0.0.255 host 200.100.1.17 eq telnet
access-list 101 permit tcp 192.168.2.0 0.0.0.255 host 200.100.1.28 eq telnet
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 200.100.1.18 eq 1433
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 200.100.1.27 eq 1444

class-map match-all cbs_traffic
match access-group 101
match any
class-map match-all sql_traffic
match access-group 102
match any
!
policy-map priority
description cbs and sql priority traffic
class cbs_traffic
  priority level 1
class sql_traffic
  priority level 2

When I try and apply it to the GigabitEthernet0/0 interface connected to the local LAN, which has an IP address of 192.168.2.2, I receive the following error:

3925(config-if)#service-policy input priority
Priority command not allowed at parent level in input direction

The router is connected to Fibre via the outside GigabitEthernet0/2 interface and can successfully apply this as a “service-policy output priority” command but this is no use to me, as all the traffic is encrypted before it leaves the interface, so it cannot distinguish the traffic: This being the case, it can only be classified on GigabitEthernet0/0, before it is encrypted.

How can I get this to work and achieve the prioritisation I require? Any assistance will be appreciated!

Regards,
Gavin
0
Comment
Question by:Gavin75
  • 2
3 Comments
 
LVL 9

Accepted Solution

by:
Alex Bahar earned 500 total points
ID: 41058104
Hi Gavin,

First of all, I would refrain from using the name "priority" . It is a reserved keyword.

Priority queue can only be applied in the egress direction (sent packets) because you cannot control the queuing for the packets already received. Ingress traffic is FIFO..

For applying QoS to encrypted tunnels, sometimes it is possible to "pre classify" traffic. That's classifying the traffic before it is encrypted and sent into the tunnel.

I hope this helps.

Alex
1
 

Author Comment

by:Gavin75
ID: 41486597
Hi Alex,

Apologies for the later reply but you were correct in that I ended up having to pre-classify the traffic with some assistance from TAC.

Regards,
Gavin
0
 

Author Closing Comment

by:Gavin75
ID: 41486600
The solution provided by abahar was after a solution had been found but the pre classify comment was correct but not enough detail to be an A
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now