24-3
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 24 Applying QoS Policies
Implementing QoS
A traffic class is a set of traffic that is identifiable by its packet content. For example, TCP traffic with
a port value of 23 might be classified as a Telnet traffic class.
An action is a specific activity taken to protect information or resources, in this case to perform QoS
functions. An action is typically associated with a specific traffic class.
Configuring a traditional QoS policy for the security appliance consists of the following steps:
• Defining traffic classes (class-map command).
• Associating policies and actions with each class of traffic (policy-map command).
• Attaching policies to logical or physical interfaces (service-policy command).
Note For detailed configuration steps, see the “Configuring QoS” section on page 24-9.
The class-map command defines a named object representing a class of traffic, specifying the packet
matching criteria that identifies packets that belong to this class. The basic form of the command is:
class-map class-map-name-1
match match-criteria-1
class-map class-map-name-n
match match-criteria-n
The policy-map command defines a named object that represents a set of policies to be applied to a set
of traffic classes. An example of such a policy is policing the traffic class to some maximum rate. The
basic form of the command is:
policy-map policy-map-name
class class-map-name-1
policy-1
policy-n
class class-map-name-n
policy-m
policy-m+1
The service-policy command attaches a policy-map and its associated policies to a target, named
interface.
Note QoS-related policies under policy-map-name apply only to the outbound traffic, not to the inbound
traffic of the named interface.
The command also indicates whether the policies apply to packets coming from or sent to the target. For
example, an output policy (applied to packets exiting an interface) is applied as follows:
interface GigabitEthernet0/3
service-policy output policy-map-name
In addition, if you are differentiating between priority traffic and best-effort traffic, you must define a
low-latency queue (priority-queue command) on each named, physical interface transmitting
prioritized traffic.
The following example enables a default priority-queue with the default queue-limit and tx-ring-limit:
priority-queue name-interface
The following sections explain each of these uses in more detail.
To Next Page
Loading...
