Cisco FirePOWER ASA 5500 series Configuration Manual page 405
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 24
Applying QoS Policies
A traffic class is a set of traffic that is identifiable by its packet content. For example, TCP traffic with
a port value of 23 might be classified as a Telnet traffic class.
An action is a specific activity taken to protect information or resources, in this case to perform QoS
functions. An action is typically associated with a specific traffic class.
Configuring a traditional QoS policy for the security appliance consists of the following steps:
Defining traffic classes (class-map command).
•
Associating policies and actions with each class of traffic (policy-map command).
•
Attaching policies to logical or physical interfaces (service-policy command).
•
For detailed configuration steps, see the
Note
The class-map command defines a named object representing a class of traffic, specifying the packet
matching criteria that identifies packets that belong to this class. The basic form of the command is:
class-map class-map-name-1
match match-criteria-1
class-map class-map-name-n
match match-criteria-n
The policy-map command defines a named object that represents a set of policies to be applied to a set
of traffic classes. An example of such a policy is policing the traffic class to some maximum rate. The
basic form of the command is:
policy-map policy-map-name
class class-map-name-1
class class-map-name-n
The service-policy command attaches a policy-map and its associated policies to a target, named
interface.
Note
QoS-related policies under policy-map-name apply only to the outbound traffic, not to the inbound
traffic of the named interface.
The command also indicates whether the policies apply to packets coming from or sent to the target. For
example, an output policy (applied to packets exiting an interface) is applied as follows:
interface GigabitEthernet0/3
service-policy output policy-map-name
In addition, if you are differentiating between priority traffic and best-effort traffic, you must define a
low-latency queue (priority-queue command) on each named, physical interface transmitting
prioritized traffic.
The following example enables a default priority-queue with the default queue-limit and tx-ring-limit:
priority-queue name-interface
The following sections explain each of these uses in more detail.
OL-10088-01
policy-1
policy-n
policy-m
policy-m+1
"Configuring QoS" section on page
Cisco Security Appliance Command Line Configuration Guide
Implementing QoS
24-9.
24-3
Advertisement
Table of Contents
Troubleshooting
