25-5
Cisco ASDM User Guide
OL-16647-01
Chapter 25 Configuring QoS
Creating the Standard Priority Queue for an Interface
You cannot configure traffic shaping and standard priority queueing for the same interface; only
hierarchical priority queueing is allowed. For example, if you configure standard priority queueing for
the global policy, and then configure traffic shaping for a specific interface, the feature you configured
last is rejected because the global policy overlaps the interface policy.
Typically, if you enable traffic shaping, you do not also enable policing for the same traffic, although the
security appliance does not restrict you from configuring this.

DSCP and DiffServ Preservation

DSCP markings are preserved on all traffic passing through the security appliance.
The security appliance does not locally mark/remark any classified traffic, but it honors the
Expedited Forwarding (EF) DSCP bits of every packet to determine if it requires “priority” handling
and will direct those packets to the LLQ.
DiffServ marking is preserved on packets when they traverse the service provider backbone so that
QoS can be applied in transit (QoS tunnel pre-classification).
Creating the Standard Priority Queue for an Interface
If you enable standard priority queueing for traffic on a physical interface, then you need to also create
the priority queue on each interface. Each physical interface uses two queues: one for priority traffic,
and the other for all other traffic. For the other traffic, you can optionally configure policing.
Note The standard priority queue is not required for hierarchical priority queueing with traffic shaping; see
the “Priority Queueing Overview” section on page 25-3 for more information.
To create the priority queue, perform the following steps:
Step 1 Go to Configuration > Device Management > Advanced > Priority Queue, and click Add.
The Add Priority Queue dialog box displays.
Step 2 From the Interface drop-down list, choose the physical interface name on which you want to enable the
priority queue, or for the ASA 5505, the VLAN interface name.
Step 3 To change the size of the priority queues, in the Queue Limit field, enter the number of average, 256-byte
packets that the specified interface can transmit in a 500-ms interval.
A packet that stays more than 500 ms in a network node might trigger a timeout in the end-to-end
application. Such a packet can be discarded in each network node.
Because queues are not of infinite size, they can fill and overflow. When a queue is full, any additional
packets cannot get into the queue and are dropped (called tail drop). To avoid having the queue fill up,
you can use this option to increase the queue buffer size.
The upper limit of the range of values for this option is determined dynamically at run time. The key
determinants are the memory needed to support the queues and the memory available on the device.
The Queue Limit that you specify affects both the higher priority low-latency queue and the best effort
queue.
Step 4 To specify the depth of the priority queues, in the Transmission Ring Limit field, enter the number of
maximum 1550-byte packets that the specified interface can transmit in a 10-ms interval.