Cisco FirePOWER ASA 5500 series Configuration Manual page 413

Chapter 24 Applying QoS Policies
For details about priority queuing, see the
and the priority command page in the Cisco Security Appliance Command Reference.
If you want the security appliance to police the traffic selected by the class map, enter the police
•
command.
hostname(config-pmap-c)# police [output] conform-rate [conform-burst] [conform-action
[drop | transmit] [exceed-action {drop | transmit}]]
For details about the use of the police command, see the
page 24-6
Use the service-policy command to apply the policy map globally or to a specific interface, as follows:
Step 7
hostname(config-pmap-c)# service-policy policy_map_name [global | interface interface_ID]
hostname(config)#
where policy_map_name is the policy map you configured in
to traffic on all the interfaces, use the global option. If you want to apply the policy map to traffic on a
specific interface, use the interface interface_ID option, where interface_ID is the name assigned to the
interface with the nameif command.
The security appliance begins policing traffic and marking traffic for priority queuing, as specified.
If in Step 6
Step 8
security appliance performs priority queuing.
For each interface on which you want the security appliance to perform priority queuing, perform the
following steps:
Enter the priority-queue command:
a.
hostname(config)# priority-queue interface
hostname(config-priority-queue)#
where interface is the name assigned to the physical interface whose priority queue you want to
enable. VLAN interfaces do not support priority queuing. The CLI enters the Priority-queue
configuration mode and the prompt changes accordingly
(Optional) If you want to specify a non-default maximum number of priority packets that can be
b.
queued, enter the queue-limit command, as follows:
hostname(config-priority-queue)# queue-limit number-of-packets
The default queue size is 2048 packets.
c. (Optional) If you want specify a non-default maximum number of packets allowed into the transmit
queue, enter the tx-ring-limit command, as follows:
hostname(config-priority-queue)# tx-ring-limit number-of-packets
The default transmit queue size is 128 packets.
On the interfaces you enabled priority queuing, the security appliance begins performing priority
queuing.
The following example creates class maps for high priority (voice) and best effort traffic for a previously
configured tunnel group, named "tunnel-grp1". The "qos" policy map includes the police command for
the best effort and the default traffic classes and the priority command for the voice class. The service
policy is then applied to the outside interface and the priority queue for the outside interface is enabled.
OL-10088-01
and the police command page in the Cisco Security Appliance Command Reference.
you entered the priority command, you must enable priority queues on interfaces before the
"Applying Low Latency Queueing" section on page 24-8
"Applying Rate Limiting" section on
Step 4. If you want to apply the policy map
Cisco Security Appliance Command Line Configuration Guide
Configuring QoS
24-11