23-10
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 23 Configuring QoS
Configuring QoS
Restrictions
• You cannot use the class-default class map for priority traffic.
• You cannot configure traffic shaping and standard priority queuing for the same interface; only
hierarchical priority queuing is allowed.
• (ASASM) The ASASM only supports policing.
• For policing, to-the-box traffic is not supported.
• For policing, traffic to and from a VPN tunnel bypass interface is not supported.
• For policing, when you match a tunnel group class map, only outbound policing is supported.
Guidelines
• For priority traffic, identify only latency-sensitive traffic.
• For policing traffic, you can choose to police all other traffic, or you can limit the traffic to certain
types.
Detailed Steps
Command Purpose
Step 1
class-map priority_map_name
Example:
ciscoasa(config)# class-map
priority_traffic
For priority traffic, creates a class map to identify the traffic for
which you want to perform priority queuing.
Step 2
match parameter
Example:
ciscoasa(config-cmap)# match access-list
priority
Specifies the traffic in the class map. See the “Identifying Traffic
(Layer 3/4 Class Maps)” section on page 1-12 for more
information.
Step 3
class-map policing_map_name
Example:
ciscoasa(config)# class-map
policing_traffic
For policing traffic, creates a class map to identify the traffic for
which you want to perform policing.
Step 4
match parameter
Example:
ciscoasa(config-cmap)# match access-list
policing
Specifies the traffic in the class map. See the “Identifying Traffic
(Layer 3/4 Class Maps)” section on page 1-12 for more
information.
Step 5
policy-map name
Example:
ciscoasa(config)# policy-map QoS_policy
Adds or edits a policy map.