Activating The Service Policy - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Chapter 24
Applying QoS Policies
The following example builds on the configuration developed in the previous section. As in the previous
example, there are two named class-maps: tcp_traffic and TG1-voice. A third class-map is added:
hostname(config)# class-map TG1-best-effort
hostname(config-cmap)# match tunnel-group Tunnel-Group-1
hostname(config-cmap)# match flow ip destination-address
This class-map provides a basis for defining a simple QoS policy for tunneled and non-tunneled traffic.
The policy assigns packets of the class TG1-voice to the low latency queue and sets rate limits on the
tcp_traffic and TG1-best-effort traffic flows.
Note: "Best effort" does not guarantee reliable packet delivery, in that it does not use a sophisticated
acknowledgement system. It does, however, make a "best effort" to deliver packets to the destination.
In this example, the maximum rate for traffic of the tcp_traffic class is 56,000 bits/second, with a
maximum burst size of 10,500 bytes per second. For the TG1-best-effort class, the maximum rate is
200,000 bits/second, with a maximum burst of 37,500 bytes/second. Traffic in the TG1-voice class has
no policed maximum speed or burst rate because it belongs to a priority class:
hostname(config)# policy-map qos
hostname(config-pmap)# class tcp_traffic
hostname(config-pmap-c)# police output 56000 10500
hostname(config-pmap-c)# class TG1-voice
hostname(config-pmap-c)# priority
hostname(config-pmap-c)# class TG1-best-effort
hostname(config-pmap-c)# police output 200000 37500
hostname(config-pmap-c)# class class-default
hostname(config-pmap-c)# police output 1000000 37500
Note: You can have up to 256 policy-maps, and up to 256 classes in a policy map. The maximum number of
classes in all policy maps together is 256. For any class-map, you can have only one match statement
associated with it, with the exception of a tunnel class. For a tunnel class, an additional match
tunnel-group statement is allowed.
The class class-default always exists. It does not need to be declared.

Activating the Service Policy

The service-policy command activates a policy-map command globally on all interfaces or on a targeted
interface. An interface can be a virtual (vlan) interface or a physical interface. Only one global
policy-map is allowed. If you specify the keyword interface and an interface name, the policy-map
applies only to that interface. An interface policy-map inherits rules from the global policy-map. For
rules that overlap with the global policy map, the interface policy rules will be applied. Only one
interface policy-map can be applied to an interface at any one time.
In general, a service-policy command can be applied to any interface that can be defined by the nameif
command.
The following service-policy command activates the policy-map "qos," defined in the previous section,
for traffic on the outside interface:
hostname(config)# service-policy qos interface outside
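The limits stated in the note on class-maps and in the service-policy rules above can be checked before a configuration is pasted into the appliance. The following is an added example, not part of the Cisco guide: the audit function, the sample configuration and the class-map named web are constructed for illustration.

```python
import re
from collections import Counter

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips "hostname(config-cmap)# "
# Constructed sample (not from the manual) with three deliberate violations.
SAMPLE = """\
hostname(config)# class-map TG1-best-effort
hostname(config-cmap)# match tunnel-group Tunnel-Group-1
hostname(config-cmap)# match flow ip destination-address
hostname(config)# class-map web
hostname(config-cmap)# match port tcp eq 80
hostname(config-cmap)# match port tcp eq 443
hostname(config)# policy-map qos
hostname(config-pmap)# class TG1-voice
hostname(config)# policy-map qos2
hostname(config-pmap)# class class-default
hostname(config)# service-policy qos interface outside
hostname(config)# service-policy qos2 interface outside
"""

def audit(config):
    """Check a pasted configuration against the limits stated in this chapter."""
    cmaps, pmaps, binds, cmap, pmap = {}, {}, [], None, None
    for line in config.splitlines():
        w = PROMPT.sub("", line.strip()).split()
        if len(w) < 2:
            continue
        if w[0] == "class-map":
            cmap, pmap = cmaps.setdefault(w[1], []), None
        elif w[0] == "policy-map":
            cmap, pmap = None, pmaps.setdefault(w[1], [])
        elif w[0] == "service-policy":
            binds.append((w[1], " ".join(w[2:])))
        elif w[0] == "match" and cmap is not None:
            cmap.append(w[1])
        elif w[0] == "class" and pmap is not None:
            pmap.append(w[1])
    out = []
    for name, m in cmaps.items():  # one match, plus one more for a tunnel class
        if len(m) > (2 if "tunnel-group" in m else 1):
            out.append(f"class-map {name}: {len(m)} match statements")
    for name, classes in pmaps.items():  # class-default never needs declaring
        out += [f"policy-map {name}: class {c} is not defined"
                for c in classes if c != "class-default" and c not in cmaps]
    if sum(map(len, pmaps.values())) > 256:
        out.append("more than 256 classes across all policy maps")
    out += [f"service-policy: {n} policy-maps bound to '{t}'"  # one per target
            for t, n in Counter(t for _, t in binds).items() if n > 1]
    return out
```

Calling audit(SAMPLE) reports the class-map with two match statements, the policy-map class that has no class-map, and the two policy-maps bound to the outside interface; the tunnel class with its additional match tunnel-group statement passes.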
OL-12172-03
Cisco Security Appliance Command Line Configuration Guide
