Cisco FirePOWER ASA 5500 series Configuration Manual page 412
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Configuring QoS
where class_map_name is the name of the traffic class. When you enter the class-map command, the
CLI enters class map configuration mode.
Identify the traffic you determined in
Step 3
of identifying QoS traffic, see the
If you need to identify two or more non-contiguous ports, create an access list with the access-list
extended command, add an ACE to match each port, and then use the match access-list command. The
following commands show how to use an access list to identify multiple TCP ports with an access list:
hostname(config)# access-list acl-name any any tcp eq port_number_1
hostname(config)# access-list acl-name any any tcp eq port_number_2
hostname(config)# class-map class_map_name
hostname(config-cmap)# match access-list acl-name
If you need to identify a single port, use the match port command, as follows:
hostname(config-cmap)# match port {tcp | udp} port_number
where port_number is the destination port of traffic that you want to configure the security appliance to
police or mark for priority queuing.
If you need to identify a range of contiguous ports, use match port command with the range keyword,
as follows:
hostname(config-cmap)# match port {tcp | udp} range begin_port_number end_port_number
where begin_port_number is the lowest port in the range of ports and end_port_number is the highest
port.
Step 4
Create a policy map or modify an existing policy map that you want to use to apply policing or priority
queuing to the traffic identified in
"Defining a QoS Policy Map" section on page
Use the policy-map command, as follows:
hostname(config-cmap)# policy-map policy_map_name
hostname(config-pmap)#
where policy_map_name is the name of the policy map. The CLI enters the policy map configuration
mode and the prompt changes accordingly.
Specify the class map, created in
Step 5
queuing. Use the class command to do so, as follows:
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
where class_map_name is the name of the class map you created in
map class configuration mode and the prompt changes accordingly.
Configure the action for the class. You can either mark the traffic class as priority traffic or specify rate
Step 6
limiting for the traffic class. Do one of the following:
•
If you want the traffic selected by the class map to be marked as priority traffic, enter the priority
command.
hostname(config-pmap-c)# priority
Note
Cisco Security Appliance Command Line Configuration Guide
24-10
Step
"Identifying Traffic for QoS" section on page
Step
Step
Priority queuing does not occur automatically to traffic marked as priority. To enable priority
queuing, you must complete
1. To do so, use a match command. For a detailed discussion
2. For more information about QoS policy maps, see the
24-5.
2, that identifies the traffic to be policed or marked for priority
Step 8
also, which enables the priority queues.
Chapter 24
Applying QoS Policies
24-4.
Step
2. The CLI enters the policy
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
