Looks like exactly what I'm looking for, but for some reason doesn't work. Below produces 0 packet match.

ip ssh prec 2
class-map match-any SSH
 match ip dscp cs2
 match ip precedence 2

As a test I also tried this:

ip access-list extended Management_Access
 remark Play nice with router management traffic
 permit tcp any range 22 telnet any
 permit tcp any any range 22 telnet
class-map match-any management
 match access-group name Management_Access
policy-map Mark-Local-SSH
 class management
  set ip dscp cs2
ip local policy route-map Mark-Local-SSH

--- Later on this matches 0 packets in both cases

class-map match-any SSH
 match ip dscp cs2
 match ip precedence 2

--Andrey

On Mon, Jul 29, 2013 at 3:47 PM, Chuck Church <chuckchu...@gmail.com> wrote:

> Newer IOS support setting precedence or DSCP for outbound SSH:
>
> ip ssh prec 2
>
>
> Thanks,
>
> Chuck
>
> -----Original Message-----
> From: Andrey Khomyakov [mailto:khomyakov.and...@gmail.com]
> Sent: Monday, July 29, 2013 12:07 PM
> To: Nanog
> Subject: management traffic QoS on Tunnel interfaces
>
> Hi all,
> I have been trying to come up with a qos policy (or rather where to apply
> it) for reserving some bandwidth for management traffic to the local router.
> The setup is that a remote router is a spoke to a DMVPN network, thus has a
> couple of ipsec gre tunnel interfaces and a Lo0 for management (ssh).
> I have no issue working out service policy for transiting traffic, however,
> I can't wrap my head around how to reserve some bandwidth for the locally
> originated SSH traffic (managing the router).
>
> I'd like to mark ssh response packets from the local router (1.1.1.1) with
> CS2, so I can match them in the tunnel policy shown below.
>
> Has anyone come across this task before?
>
> interface Loopback0
>  ip address 1.1.1.1 255.255.255.255
>
> interface Tunnel0
>  ip address 2.2.2.2 255.255.255.0
>  qos pre-classify
>  <snip>
>  tunnel source FastEthernet0/0
>  tunnel mode gre multipoint
>  tunnel protection ipsec profile protect-gre shared
> !
> interface FastEthernet0/0
>  desc DSL/Cable/FiOS
>  ip address 3.3.3.3 255.255.255.0
>  bandwidth 768
>  bandwidth receive 1500
>  service-policy output SHAPE-OUT-768
> !
> class-map match-any SSH
>  match ip dscp cs2
> !
> policy-map SHAPE-OUT-768
>  class class-default
>   shape average 768000
>   service-policy SSH
> !
> service-policy SSH
>  class SSH
>   bandwidth percent 5
>  class class-default
>   fair-queue
>   queue-limit 15 packets
>
> --Andrey
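
Added example, not part of the original thread: `ip local policy route-map` takes the name of a route-map, while `Mark-Local-SSH` in the test above is defined as a policy-map. The sketch below expresses the same marking intent as a route-map, reusing the thread's ACL and class-map names; using `set ip precedence 2` (the same three bits as CS2) is an assumption of this example, and it has not been tested against the DMVPN spoke described.

```cisco
! Added example: assumption, untested against the thread's DMVPN spoke.
! ACL as posted in the thread: TCP with source or destination port 22-23.
ip access-list extended Management_Access
 remark Play nice with router management traffic
 permit tcp any range 22 telnet any
 permit tcp any any range 22 telnet
!
! Local policy routing applies a route-map to router-originated packets.
route-map Mark-Local-SSH permit 10
 match ip address Management_Access
 set ip precedence 2
!
ip local policy route-map Mark-Local-SSH
!
! Classifier from the thread; "match ip precedence 2" covers packets
! marked by the route-map above.
class-map match-any SSH
 match ip dscp cs2
 match ip precedence 2
```

The match counters in `show route-map Mark-Local-SSH` and the per-class counters in `show policy-map interface FastEthernet0/0` indicate whether packets are being marked and then classified.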