The speed of the site is controlled by the shape command (shape average 1544000).
The amount of Priority EF "Gold CAR" must be set to the amount purchased from the vendor (police 8000).
If we have no Gold CAR purchased, we change EF tags to AF4 tags.
We also police video to make sure someone cranking up a camera doesn't take down the network.
Our queue percentages must line up with the vendor's queues.
------ output QoS policy -------
!
!
class-map match-any realtime
match ip dscp cs5 ef
class-map match-any priority
match ip dscp cs4 af41 af42 af43
class-map match-any missioncritical
match ip dscp cs3 af31 af32 af33 cs6 cs7
class-map match-any transactional
match ip dscp cs2 af21 af22 af23
class-map match-any general
match ip dscp cs1 af11 af12 af13
class-map match-any besteffort
match ip dscp default
!
!
policy-map vmc
class realtime
priority
police 8000 conform-action transmit exceed-action drop
class priority
bandwidth remaining percent 30
class missioncritical
bandwidth remaining percent 20
class transactional
bandwidth remaining percent 5
class general
bandwidth remaining percent 1
class class-default
bandwidth remaining percent 34
policy-map shape-vmc
class class-default
shape average 1544000
service-policy vmc
!
!
interface serial0/0/0
service-policy output shape-vmc
!
------ input QoS policy -------
!
!
class-map match-any EF_marking
match ip dscp cs5 ef
match protocol rtp
match protocol skype
match access-group name EF_marking
!
class-map match-any AF4_marking
match ip dscp cs4
match protocol dns
match protocol citrix ica-tag "0"
match protocol ntp
match access-group name AF4_marking
description "Delete the following match class-map line to enable gold CAR"
match class-map EF_marking
!
class-map match-any AF3_marking
description "match DSCP 0x04 ssh-interactive"
match ip dscp 4 cs3
match protocol bgp
match protocol dhcp
match protocol kerberos
match protocol ldap
match protocol secure-ldap
match protocol citrix ica-tag "1"
match protocol citrix ica-tag "2"
match protocol sqlnet
match protocol sqlserver
match protocol h323
match protocol sip
match protocol pcanywhere
match access-group name AF3_marking
!
class-map match-any AF2_marking
description "cs2 is used for video"
match protocol citrix ica-tag "3"
match protocol exchange
match protocol secure-http
match protocol netbios
match protocol printer
match protocol gre
match access-group name AF2_marking
!
class-map match-any AF1_marking
description "match DSCP 0x02 scp over ssh"
match ip dscp 2 cs1
match protocol bittorrent
match protocol fasttrack
match protocol gnutella
match protocol ftp
match protocol secure-ftp
match protocol nfs
match protocol tftp
match access-group name AF1_marking
!
class-map match-any Citrix_Default
match protocol citrix
!
class-map match-any Video_marking
description "match cs2 Video"
match ip dscp cs2
match access-group name Video_marking
!
!
policy-map qos_ingress_LAN
class AF4_marking
set dscp cs4
class EF_marking
set dscp cs5
class AF3_marking
set dscp cs3
class AF2_marking
set dscp cs2
class AF1_marking
set dscp cs1
class Citrix_Default
set dscp cs4
class Video_marking
police 512000 conform-action set-dscp-transmit cs2 exceed-action drop
!
!
interface [LAN_INTERFACE]
service-policy input qos_ingress_LAN
!
!
ip access-list extended AF1_marking
remark iscsi
permit tcp any any eq 3260
permit tcp any eq 3260 any
!
ip access-list extended AF2_marking
remark t.38
permit tcp any any eq 6004
permit udp any any eq 6004
permit tcp any eq 6004 any
permit udp any eq 6004 any
!
remark HP Printer Raw
permit tcp any any eq 9100
permit tcp any eq 9100 any
!
!
ip access-list extended Video_marking
remark Add ACL Here
!
!
ip access-list extended AF3_marking
remark Telnet
permit tcp any eq telnet any
permit tcp any any eq telnet
!
remark RDP
permit tcp any eq 3389 any
permit tcp any any eq 3389
!
remark dameware port 6129
permit tcp any any eq 6129
permit tcp any eq 6129 any
!
remark ica browser 1604U
permit udp any any eq 1604
permit udp any eq 1604 any
!
remark VNC
permit tcp any any eq 5900
permit tcp any any eq 5901
permit tcp any any eq 5902
permit tcp any eq 5900 any
permit tcp any eq 5901 any
permit tcp any eq 5902 any
!
!
ip access-list extended AF4_marking
remark Add ACL Here
!
!
ip access-list extended EF_marking
remark oovoo video conf
permit udp any any eq 443
permit udp any eq 443 any
!
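
A cross-reference check for a class-based QoS config like the one above, as an added example that is not part of the original notes: it flags `class`, `match class-map` and `match access-group name` lines whose target is never defined, and totals `bandwidth remaining percent` per policy-map for comparison with the vendor's queue percentages. The `lint` function and the `SAMPLE` text are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the page's style; two references are deliberately misspelled.
SAMPLE = """\
class-map match-any EF_marking
 match ip dscp cs5 ef
 match access-group name EF_marking
class-map match-any AF4_marking
 match class-map EF-marking
class-map match-any Video_marking
 match ip dscp cs2
policy-map qos_ingress_LAN
 class AF4_marking
  set dscp cs4
 class Video_CS2
  police 512000 conform-action set-dscp-transmit cs2 exceed-action drop
policy-map vmc
 class AF4_marking
  bandwidth remaining percent 30
 class class-default
  bandwidth remaining percent 34
ip access-list extended EF_marking
 permit udp any any eq 443
"""

def lint(config):
    """Return (undefined references, 'bandwidth remaining percent' total per policy-map)."""
    class_maps, acls, refs = set(), set(), []
    totals, policy = defaultdict(int), None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()  # indentation is ignored, so flattened pastes work too
        if m := re.match(r"class-map(?: match-(?:any|all))? (\S+)$", line):
            class_maps.add(m[1]); policy = None
        elif m := re.match(r"policy-map (\S+)$", line):
            policy = m[1]
        elif m := re.match(r"ip access-list (?:extended|standard) (\S+)$", line):
            acls.add(m[1]); policy = None
        elif m := re.match(r"match class-map (\S+)$", line):
            refs.append((n, "class-map", m[1]))
        elif m := re.match(r"match access-group name (\S+)$", line):
            refs.append((n, "access-list", m[1]))
        elif policy and (m := re.match(r"class (\S+)$", line)):
            if m[1] != "class-default":  # built-in class, never declared
                refs.append((n, "class-map", m[1]))
        elif policy and (m := re.match(r"bandwidth remaining percent (\d+)$", line)):
            totals[policy] += int(m[1])
    defined = {"class-map": class_maps, "access-list": acls}
    return [r for r in refs if r[2] not in defined[r[1]]], dict(totals)
```

Each finding is a `(line number, object type, name)` tuple; references are resolved after the whole text has been read, so access lists defined at the end of the config still count.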