From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Fri Nov 28 2008 - 06:38:17 ARST
G'day,
just a thought.
Your traffic QoS marking may get dropped somewhere behind ASA for example because of wrong QoS trust settings. I'd check how QoS marking is propagated internally before the traffic hits ASA.
Cheers,
A.
________________________________
From: Kim teu [kim.teu@gmail.com]
Sent: Thursday, November 27, 2008 3:19 PM
To: Alexei Monastyrnyi
Cc: Cisco certification; Cisco certification
Subject: Re: ASA priority queue not matching any traffic
Thanks Alexei. I tried to match dscp ef with no luck. However, I am able to match the RTP UDP ports and get hit count.
Thanks.
Kim
On Thu, Nov 27, 2008 at 4:28 AM, Alexei Monastyrnyi <alexeim@orcsoftware.com> wrote:
Hei Kim.
I see you refer to RFC 1918 addresses with a class/policy applied to the outside interface. You may have an issue with them already being translated if you have a NAT over your outside interface. Your QoS ACL doesn't have any matches, have you noticed that?
Here is what I use for voice traffic, seems to work well.
class-map Voice
 match dscp ef
!
policy-map VoicePolicy
 class Voice
  priority
 class class-default
!
priority-queue outside
service-policy VoicePolicy interface outside

asa# sho service-policy inter outside
Interface outside:
  Service-policy: VoicePolicy
    Class-map: Voice
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 10745759
    Class-map: class-default
      Default Queueing

asa# show priority-queue statistics outside
Priority-Queue Statistics interface outside
  Queue Type = BE
  Tail Drops = 0
  Reset Drops = 0
  Packets Transmit = 4356223666
  Packets Enqueued = 0
  Current Q Length = 0
  Max Q Length = 0
  Queue Type = LLQ
  Tail Drops = 0
  Reset Drops = 0
  Packets Transmit = 10745759
  Packets Enqueued = 0
  Current Q Length = 0
  Max Q Length = 0

In the ASA 7.2 config guide they apply a QoS service-policy globally; you may be interested in that piece of configuration:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/qos.html
Watch them use match tunnel-group and match flow ip things.
HTH,
A.
________________________________________
From: nobody@groupstudy.com [nobody@groupstudy.com] On Behalf Of Kim teu [kim.teu@gmail.com]
Sent: Thursday, November 27, 2008 2:02 AM
To: Cisco certification; Cisco certification
Subject: ASA priority queue not matching any traffic
Hello group,
I have the priority queue configured for SIP traffic below, but the show
service-policy and the ACL are not matching any traffic. However, the show
conn shows the traffic...
sho service-policy
Interface outside:
  Service-policy: VOICEPOLICY
    Class-map: VOICE
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 0

priority-queue outside
class-map VOICE
 match access-list QOS
!
!
policy-map VOICEPOLICY
 class VOICE
  priority
!
service-policy VOICEPOLICY interface outside

access-list QOS line 1 extended permit udp host 194.120.0.198 eq sip host 10.26.26.53 eq sip (hitcnt=0) 0x77f15290
access-list QOS line 2 extended permit udp any 10.26.26.0 255.255.255.0 eq sip (hitcnt=0) 0x7600f06f
access-list QOS line 3 extended permit udp any 10.26.26.0 255.255.255.0 eq www (hitcnt=0) 0x59b66261
access-list QOS line 4 extended permit udp any 10.26.26.0 255.255.255.0 range 16384 16482 (hitcnt=0) 0xddc0a3f3
access-list QOS line 5 extended permit udp 10.26.26.0 255.255.255.0 range 16384 16482 any (hitcnt=0) 0x9bf0ba19
--
May All Be happy!!!
Kim Loon Teu
CCIE 19369
www.kimteu.com
http://www.linkedin.com/in/kimteu
All conditioned phenomena
Are like a dream, an illusion, a bubble, a shadow
Like the dew, or like lightning
You should discern them like this
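
Added example, not part of the original thread or written by either poster: a small Python check for the symptom discussed above, which parses `show access-list` output and lists entries that have zero hits and name RFC 1918 addresses, the case where Alexei suggests the addresses may already have been translated. The function names are hypothetical; the first three sample lines are taken from the post and the last one is constructed for contrast.

```python
import ipaddress
import re

# Sample input: lines 1, 2 and 4 of the QOS ACL from the post (unwrapped),
# plus one constructed line with a non-zero hit count and placeholder hash.
SAMPLE = """\
access-list QOS line 1 extended permit udp host 194.120.0.198 eq sip host 10.26.26.53 eq sip (hitcnt=0) 0x77f15290
access-list QOS line 2 extended permit udp any 10.26.26.0 255.255.255.0 eq sip (hitcnt=0) 0x7600f06f
access-list QOS line 4 extended permit udp any 10.26.26.0 255.255.255.0 range 16384 16482 (hitcnt=0) 0xddc0a3f3
access-list OTHER line 1 extended permit udp any any eq sip (hitcnt=42) 0x00000000
"""

ACE_RE = re.compile(
    r"^access-list (\S+) line (\d+) extended (?:permit|deny) (.*?) \(hitcnt=(\d+)\)"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def private_addrs(body):
    """Return the dotted-quad tokens in an ACE body that fall in RFC 1918 space."""
    found = []
    for tok in IPV4_RE.findall(body):
        try:
            addr = ipaddress.ip_address(tok)
        except ValueError:  # not a valid IPv4 address (e.g. octet > 255)
            continue
        if any(addr in net for net in RFC1918):
            found.append(tok)
    return found


def suspect_aces(show_output):
    """Return (acl, line, private_addrs) for zero-hit ACEs that name private space."""
    out = []
    for raw in show_output.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            continue  # skip headers, remarks and wrapped fragments
        acl, line, body, hits = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        priv = private_addrs(body)
        if hits == 0 and priv:
            out.append((acl, line, priv))
    return out


if __name__ == "__main__":
    for acl, line, priv in suspect_aces(SAMPLE):
        print(f"{acl} line {line}: 0 hits, references private {', '.join(priv)}")
```

A zero hit count on such an entry is only a pointer for review; comparing the flagged addresses against `show conn` and the NAT configuration is still needed to confirm the cause.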
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:32 ARST