This tutorial helps you learn how to use Provisioned QoS Policy Manager (QPM-PRO) to create and distribute QoS policies and configurations. It is comprised of a series of lessons, each of which steps you through procedures for creating different types of policies and deploying them to the network.

The tutorial contains the following topics and lessons:

Using Policy Manager

Policy Manager enables you to create and edit QoS policies and configurations. The following topics provide you with the basics for using Policy Manager:

Starting Policy Manager and Logging Into QPM-PRO
Understanding the Main Policy Manager Window
Cutting, Copying, and Pasting Policies
Changing the Policy Manager Display
Saving Your Work
Exiting Policy Manager

Note When working with QPM-PRO Policy Manager, you can click the Help button in any of the windows to access context-sensitive online help.

Starting Policy Manager and Logging Into QPM-PRO

Start Policy Manager to create, change, delete, and view your QoS configuration and policies.

Procedure

Step 1 Select Start>Programs>QoS Policy Manager Pro>Policy Manager.

If you are not already logged in, QPM-PRO opens the Logon Information window.

Step 2 Log into QPM-PRO. You must enter a QPM-PRO user name and password according to these requirements:

Read-write access—If you want to be able to save your changes to the QoS database, you must use a user account defined in the QPM-PRO user group. Unless you changed the group during installation, the group is QPM_Users and is defined on the machine running the QoS Manager service. QPM-PRO creates a default user in this group: QPM_User with no password.
Read-only access—If you only want to view the QoS database, you can use a user account defined in the QPM-PRO guest group. Unless you changed the group during installation, the group is QPM_Guests and is defined on the machine running the QoS Manager service.

If you enter a correct name and password, Policy Manager starts and automatically opens the last QoS database that was open.

Tips

The domain for the QPM_User account is the name of the machine running the QoS Manager service.
You cannot log into QPM-PRO unless you select a domain name. If the domain list is empty, you must first log into the Windows NT network before starting QPM-PRO.
You can also start Policy Manager from Distribution Manager by selecting Tools>Policy Manager.

Understanding the Main Policy Manager Window

The main Policy Manager window (Figure 3-1) is divided into three panes.

Tree View—The left pane. This pane displays a hierarchical view of the devices and device groups being managed, and their associated interfaces.
List View—The upper right pane. This pane displays the policies defined for the interface, device, or device group selected in the tree view pane, if any.
Properties Preview—The lower right pane. This pane displays the properties of a device, interface, or policy selected in the tree or list view panes. You can choose not to display this pane by selecting View>Properties Preview.

Figure 3-1: The Main Policy Manager Window

Tree View

The tree view pane (Figure 3-2) shows the devices and device groups being managed in QPM-PRO. The Devices directory contains a separate folder for each device. Most device folders contain a list of interfaces on which you define QoS policies. For some devices, you define policies directly on the device folder.

The Device Groups directory contains the device groups you have defined. Device groups are groups of interfaces that you intend to manage using identical policies. You must treat all interfaces in a device group identically.

Figure 3-2: Policy Manager Tree View Pane

The tree view pane is where you start when creating a policy. If the device is not yet defined in the QoS database, you must first define it and add its interfaces. If the device is already defined in the QoS database, you must select the folder (usually an interface) on which you want to define a policy before you can create (or change) the policy.

Table 3-1: Description of Icons in Tree View

Icon	Description
	Device
	Device Group
	Interface
	Interface on which the QoS property has been changed or policies have been defined.

List View

The list view pane (Figure 3-3) shows the policies that are defined on the interface, device, or device group selected in the tree view.

If you select an interface that belongs to a device group, the list of policies includes those defined on the device group, as well as those defined directly on the interface. You cannot edit or change the order of group policies when viewing them from a member interface. Group policies are always given lower priority than individual interface policies.

Figure 3-3: Policy Manager List View Pane

The top bar of the list view includes the following items:

Buttons for moving a policy up or down in the list. Policy placement can be important. When a packet enters the interface, the device software looks for the first policy match, and once it matches a packet to a policy, it does not consider any of the remaining policies (unless the matched policy explicitly indicates that other policies should be analyzed).
The name of the folder that is selected in the tree view, that is, the item with which the displayed list of policies is associated.
A filter for specifying which policies are displayed in the list. This enables you to choose to display only policies of a certain type, for example, only enabled policies. Filtering out policies does not remove these policies from the database. It only eliminates them from the list, making it easier for you to locate a policy statement if you have defined a large number of policies for an interface.

Each policy in the list is preceded by an icon that indicates the direction of the policy (inbound or outbound) and its status (enabled or disabled). Table 3-2 describes these icons.

Table 3-2: Description of Icons in List View

Icon	Description
	Inbound policy.
	Outbound policy.
	Inbound policy on device group.
	Outbound policy on device group.
	Disabled policy.

Properties Preview

The properties preview pane displays the properties of the device, device group, interface, or policy selected in the tree or list panes. This can help you determine if you have defined the properties and filter conditions correctly. You can choose not to display the properties preview pane by selecting View>Properties Preview. Repeat this action to redisplay the pane.

Cutting, Copying, and Pasting Policies

You can use the standard Windows cut, copy, and paste functions to manipulate policies in the QPM-PRO list pane.

Procedure

Step 1 Select the policy you want to cut or copy, or the folder in the tree view in which you want to paste the policy.

Step 2 Use these commands from the Edit menu or from the right mouse button popup menu to cut, copy, or paste.

Cut—Copies the selected policy to the Windows clipboard and removes it from the current folder.
Copy—Copies the selected policy to the Windows clipboard without removing it from the current folder.
Paste—Pastes the policy to the selected interface, device, or device group folder. If the selected folder does not support the policy, you will not be able to paste it.

Changing the Policy Manager Display

You can change the main Policy Manager window to display information according to your preferences. Table 3-3 lists the available commands for changing the main Policy Manager window.

Table 3-3: Changing the Policy Manager Main Window

If you want to...	Command	Description
Display or hide the tool bar	View>Tool Bar	The tool bar is the row of short-cut buttons beneath the menu. When Tool Bar is checked on the View menu, the tool bar is displayed.
Display or hide the status bar	View>Status Bar	The status bar is at the bottom of the window, and displays informative messages as you use Policy Manager. When Status Bar is checked on the View menu, the status bar is displayed.
Display or hide the properties preview pane	View>Properties Preview	The properties preview is displayed in the lower right pane of the window, and shows the properties of the selected device, interface or policy statement. When Properties Preview is checked on the View menu, the properties preview is displayed.

Saving Your Work

You must periodically save your changes to the QoS database. However, saving your changes to the database does not apply those changes to the network. You must use Distribution Manager to deploy your new or changed policies to the network.

Procedure

Step 1
Click the Save button, or select File>Save.

If the database already has a name, the database is saved.
If the database does not have a name, QPM-PRO opens the Save Database window. Enter a relevant name and description for the database and click OK.

If the QoS Manager service is not available when you try to save the database, the database is saved to your local disk. Check the machine that is running QoS Manager to ensure it is running properly and try saving the database again.

Tips

You can change the name of the database by selecting File>Save As.

Exiting Policy Manager

From the Policy Manager interface, you can close Policy Manager only, or close both Policy Manager and Distribution Manager.

Procedure

Step 1 To close Policy Manager without closing Distribution Manager, select File>Close.

To close both Policy Manager and Distribution Manager, select File>Exit.

Using Distribution Manager

Distribution Manager enables you to deploy policies to network devices. The following topics provide you with the basics for using Distribution Manager:

Starting Distribution Manager
Understanding the Main Distribution Manager Window
Changing the Distribution Manager Display
Starting Policy Manager from Distribution Manager
Exiting Distribution Manager

Note When working with QPM-PRO Distribution Manager, you can click the Help button in any of the windows to access context-sensitive online help.

Starting Distribution Manager

Start Distribution Manager to distribute policies and QoS settings to network devices.

Procedure

Step 1
Click the Distribution Manager button on the Policy Manager tool bar or select Tools>Distribution Manager in Policy Manager.

Distribution Manager starts.

Tips

You can also start Distribution Manager by selecting Start>Programs>QoS Policy Manager Pro>Distribution Manager. If you have not already logged into Policy Manager, you must log into Distribution Manager using a name defined in the Windows NT QPM-PRO user group (for viewing and deployment of jobs) or guest group (for viewing only).

Understanding the Main Distribution Manager Window

The main Distribution Manager window (Figure 3-4) is divided into three panes.

All Jobs Tree View—The upper left pane displays all jobs that you have created from QoS databases.
List View—The upper right pane shows the contents of the job selected in the tree view. If no job is selected, it shows the details of the jobs listed in the tree.
Log—The lower pane shows logs for system, job, and device status.

Figure 3-4: Distribution Manager Main Window

All Jobs Tree View

The All Jobs Tree View pane (Figure 3-5) shows all the jobs that you have created from QoS databases. Each job is assigned a number, which is the name of the job.

Figure 3-5: Distribution Manager All Jobs Tree View

The root of the tree shows the name of the machine that is running the QoS Manager service to which Distribution Manager is connected: localhost means that QoS Manager resides on the same machine as Distribution Manager.

When you select a job in the list, the contents of the job are displayed in the right-hand list view pane. When no job is selected, or when you select the root of the tree, the right-hand list view shows the details for all the jobs listed in the tree.

Table 3-4: Description of Icons in All Jobs Tree View

Icon	Description
	QoS Manager host
	Job
	Canceled job

List View

The list view pane shows the contents of the job selected in the All Jobs Tree View (Figure 3-6). If no job is selected in the tree, the list shows the details for all jobs listed in the tree (Figure 3-7).

Figure 3-6: Distribution Manager List View Pane, Showing Job Summaries

Job summaries have the following details:

Job Name—The name of the job, which is a serial number created by the system.

Database Name—The name of the database from which this job was created.

Total Devices—The number of devices contained in the job.

Written Devices—The number of devices whose configurations were changed when the job was applied to the network.

Date/Time—The date and time the job was created.

Status—The status of the job. Possible job statuses are described in Table 8-1.

Figure 3-7: Distribution Manager List View Pane, Showing Job Contents

Job contents have the following details:

Device—The IP address of a device defined in the job.

Date/Time—The date and time the job was created.

Status—The status of the device (see Table 8-1).

Log

The log pane (Figure 3-8) displays logs of event messages.

Figure 3-8: Distribution Manager Log Pane

The pane has two tabs to display three types of logs:

System Log tab—Shows the system log, which contains messages about general QPM-PRO system events.
Job or Device Log tab—Shows the job or device log, depending on what is selected in the tree or list pane.

Job logs contain messages about the events for the selected job, and are only created if you apply the job to the network.
Device logs contain messages about the events for the selected device, and are only created when QPM-PRO starts configuring the device.

Changing the Distribution Manager Display

You can change the main Distribution Manager window to display information according to your preferences. Table 3-5 lists the available commands for changing the main Distribution Manager window.

Table 3-5: Changing the Distribution Manager Main Window

If you want to...	Command	Description
Display or hide the tool bar	View>Toolbar	The tool bar is the row of short-cut buttons beneath the menu. When Toolbar is checked on the View menu, the tool bar is displayed.
Display or hide the log pane	View>Log	The log pane is the bottom half of the main window, and displays log messages for the system, selected job, or selected device. When Log is checked on the View menu, the log pane is displayed.
Display or hide the status bar	View>Status Bar	The status bar is at the bottom of the window, and displays informative messages as you use Distribution Manager. When Status Bar is checked on the View menu, the status bar is displayed.

Starting Policy Manager from Distribution Manager

If Policy Manager is not running, you can start it from Distribution Manager.

Procedure

Step 1
Click the Policy Manager button, or select Tools>Policy Manager.

The Policy Manager application starts.

Exiting Distribution Manager

From the Distribution Manager interface, you can close Distribution Manager only, or close both Distribution Manager and Policy Manager.

Before You Begin

Check the Status column to make sure that all distribution activities are complete or have been stopped.

Procedure

Step 1 To close Distribution Manager without closing Policy Manager, select File>Close.

To close both Distribution Manager and Policy Manager, select File>Exit.

Understanding the Tutorial Example Network

This tutorial is based on an example enterprise network that consists of a campus site and several remote sites. Each tutorial lesson applies QPM-PRO techniques and principles to specific segments of this network. In each lesson, a diagram clearly illustrates the relevant network segments, the data path, and the QoS features or policies applied.

Figure 3-9: Sample Network Used in QPM-PRO Tutorial Lessons

Campus Site

The campus site contains the following components:

FTP/mail, web and application servers, which are the major servers used in the network.
A Catalyst 6509 switch (referred to as switch S1), running CatOS version 5.5.
Two Cisco 7200 routers (referred to as routers R1 and R4), running IOS version 12.0. Packets from the major servers pass through switch S1 to these routers, and then on to the WAN.
A PBX telephone system.
A Cisco 3600 router (referred to as router R5), running IOS version 12.1(2)T. This router acts as a gateway, converting voice data from the PBX into IP packets for transmission over the WAN.

Remote Site (Finance and HR Users)

This remote site contains a Cisco 2500 router (referred to as router R2), running IOS version 12.0. In the scenario for this tutorial, this router connects the organization's Finance and HR users to the WAN. These users primarily require data from the application server and the FTP/Web server on the campus site. The primary path of data from these servers is from router R1 on the campus site to the remote router R2.

Remote Site (Sales Users)

This remote site contains a Cisco2500 router (referred to as router R3), running IOS version 12.0. This router connects the organization's Sales users to the WAN. These users primarily communicate with the application and web servers on the campus site. The primary path of data from these servers to the Sales users is through router R4 on the campus site to the remote router R3.

Remote Site (Voice over IP)

This remote site contains the following components:

IP phones connected by a LAN.
A Catalyst 6000 switch (referred to as switch S2), running CatOS version 6.1.
A Cisco 3600 router (referred to as router R6), running IOS version 12.1(2)T. IP packets from the IP phones pass through switch S2 to router R6 and then out to the network.

Table 3-6 lists the other technical details of the network that you need to know to follow the lessons. Not all interfaces on the devices are listed.

Table 3-6: Technical Network Details for Lessons

Device Name	Device Model and IP Address	Software Version	Interfaces	IP Address	Mask
R1	7200 10.2.2.2	12.0	Ethernet2/0 Standard Ethernet 10,000 Kbit/sec (10 Mb/sec)	10.1.1.1	255.255.0.0
R1	7200 10.2.2.2	12.0	Serial3/0 T1 line at 1544 Kbit/second (propPointToPointSerial)	10.2.2.2	255.255.0.0
R2	2500 10.2.2.3	12.0	Ethernet0 Standard Ethernet 10,000 Kbit/sec (10 Mb/sec)	10.10.10.1	255.255.255.0
			Ethernet1 Standard Ethernet 10,000 Kbit/sec (10 Mb/sec)	10.10.11.1	255.255.255.0
			Serial0 T1 line at 1544 Kbit/second (propPointToPointSerial)	10.2.2.3	255.255.0.0
R3	2500 10.4.4.5	12.0	Ethernet0 Standard Ethernet 10,000 Kbit/sec (10 Mb/sec)	10.10.12.1	255.255.255.0
R3	2500 10.4.4.5	12.0	Serial0 T1 line at 1544 Kbit/second (propPointToPointSerial)	10.4.4.5	255.255.0.0
R4	7200 10.4.4.4	12.0	Ethernet2/0 Standard Ethernet 10,000 Kbit/sec (10 Mb/sec)	10.1.1.2	255.255.0.0
R4	7200 10.4.4.4	12.0	Serial3/0 T1 line at 1544 Kbit/sec (propPointToPointSerial)	10.4.4.4	255.255.0.0
R5	3600 172.1.1.1	12.1(2)T	Serial1/0 Frame Relay line at 1544 Kbit/sec	172.1.1.1	255.255.0.0
R6	3600 10.9.9.9	12.1(2)T	Ethernet2/0 Standard Ethernet 10,000 Kbit/sec (10 Mb/sec)	10.1.1.3	255.255.0.0
R6	3600 10.9.9.9	12.1(2)T	Serial3/0 Frame Relay line at 1544 Kbit/sec	10.9.9.9	255.255.0.0
S1	6509 10.6.6.6	5.5	VLAN20 propVirtual	10.10.1.2	255.255.0.0
S2	6509 10.8.8.8	6.1	VLAN20 propVirtual	10.10.1.3	255.255.0.0
S2	6509 10.8.8.8	6.1	Ethernet2/0 Standard Ethernet 10,000 Kbit/sec (10 Mb/sec)	10.8.8.8	255.255.0.0

Other interface and device addresses might be used in the lessons.

Lesson 1—Creating and Distributing a Simple Policy for Managing Web Traffic on One Router

In this lesson, you will learn how to add a router to the QoS database and create and deploy a simple policy. The policy in this example sets the IP precedence for web traffic that goes through router R4. See Understanding the Tutorial Example Network, for a description of the example network used in this tutorial. The purpose of this policy is to color the web traffic for the Sales group, because the web server behind R4 hosts a significant application used by Sales, and Sales requires good response from this server.

In order to make a meaningful policy, you must not only color the traffic on the inbound interface to the router (interface Ethernet2/0, which connects the web server to R4), but you must choose a QoS property for the outbound interface Serial3/0 (Figure 3-10). You will implement weighted fair queuing (WFQ). This ensures that the colored traffic receives the appropriate percentage of overall bandwidth.

Figure 3-10: Lesson 1—Coloring and Queuing Packets on Router R4

In this lesson you will learn the following:

Adding a Device and Interfaces to the Database

This topic describes how to add a router to the database. If you are adding a router on your network, you can automatically detect the interfaces and view their properties. You can also manually add interfaces. You will then configure the QoS property on the interfaces to determine which queueing method will be used.

Before You Begin

If you want to create a policy and deploy it on a router that exists in your network, obtain the IP address of an appropriate router. Otherwise, you can use the IP addresses in this lesson so that you can follow these steps without affecting your network.

The lesson assumes that you are starting with an empty database.

Procedure

Step 1 Add router R4 to the QoS database.

a. In the Policy Manager, select Devices>Device>New.

QPM-PRO opens the New Device window.

b. Fill in the New Device window. At minimum, you must supply the following information:

IP Address—The IP address for the device.
Community—The SNMP read community string for the device.
Password—The password required for Telnet access to the device.
Enable Password—The password required to enter enable mode on the device.

In this example, router R4 is 10.4.4.4, the community string is public, and both passwords are test (Figure 3-11).

c. If your device is offline (for example, if you are using the IP addresses used in this lesson instead of addresses for devices on your network), you must select the device model and the software version in the relevant fields. In this example, router R4 is a Cisco 7200 running IOS software 12.0.

Figure 3-11: Lesson 1—Adding a New Device

Step 2 Add the device's interfaces:

a. If the device is online:

Ensure that the Verify Device Information and Detect Interfaces check boxes are selected and click OK.

: QPM-PRO queries the device, fills in the Device Model and Software Version fields, and obtains a list of the device's interfaces.
: QPM-PRO opens the Detect Interfaces window when it has a complete list of interfaces.

In the Detect Interfaces window, ensure that the interfaces you want to manage are in the selected interfaces list, and move any you do not want to manage to the available interfaces list.
Click OK when finished.

: QPM-PRO creates a folder for the router R4 in the tree view using the IP address of the router. The router's interfaces are included as members of this folder.

b. If the device is not online, add the interfaces manually:

Deselect the Verify Device Information and Detect Interfaces check boxes, so that QPM-PRO does not try to query the device.

Click Define Interface. QPM-PRO opens the New Interface window. Enter the details for the Ethernet2/0 interface (see Table 3-6 for this information).

: Figure 3-12 shows the completed New Interface window.

Figure 3-12: Lesson 1—Adding a New Interface

: Click OK in the New Interface window.

Repeat this procedure for the Serial3/0 interface.
Click OK in the New Device window to return to the tree view.

Figure 3-13 shows the tree view that now includes router R4.

Figure 3-13: Lesson 1—Router R4 and Interfaces in Tree View

Step 3 Configure the QoS property on the Serial3/0 interface so that it uses weighted fair queuing (WFQ). You do not need to change the QoS property of the Ethernet2/0 interface because you are only creating a policy for inbound traffic on Ethernet2/0.

a. Right-click Serial3/0 in the tree view and select Interface Properties.

QPM-PRO opens the Properties of Interface window.

b. Select WFQ in the QoS Property field (Figure 3-14).

c. Click OK.

Figure 3-14: Lesson 1—Configuring Serial3/0 to Use Weighted Fair Queuing

Creating a New Policy to Color Inbound Traffic

This topic describes how to create a policy to color traffic on an inbound interface. The purpose of this policy is to give high priority to web traffic passing through router R4's Ethernet2/0 inbound interface.

Procedure

Step 1 Create the policy.

a. Select Router R4's Ethernet2/0 interface in the tree view.

b.
Click the New QoS Policy button, or select File>New>Policy.

QPM-PRO opens the Properties of Policy window, in which you will create the policy.

c. In the General Properties page, change the name of the policy and add a meaningful comment. For this policy, use "WebTraffic" and "Color web traffic." Figure 3-15 shows the completed general properties page.

Figure 3-15: Lesson 1—General Properties of Coloring Policy

d. Click Next to open the Direction Properties page.

Select the In direction to indicate that the policy is for inbound traffic.

Step 2 Define the policy's filter.

a. Click Next to open the Filter Properties page.

b. In the filters list, select the following values in the same row:

Make sure that the check box in the Deny field is blank.
Protocol—TCP.
Sender Port—Click the dropdown arrow, select Port Number, then select HTTP/Web-services(80), or just type in 80 for the port number. Click OK.

These are the only conditions required to identify web traffic. Figure 3-16 shows the completed Filter Properties window.

Figure 3-16: Lesson 1—Filter Properties of Coloring Policy

Step 3 Define the policy's coloring action.

a. Click Next to open the Coloring page.

b. Select the Coloring Properties check box. The fields for the coloring properties become active.

c. Select flash-override (4) in the Precedence field to give a higher priority to the traffic that satisfies the policy's filter. Figure 3-17 shows the completed Coloring Properties window.

Figure 3-17: Lesson 1—Coloring Properties of Policy

d. Click Finish to save the policy.

QPM-PRO adds the policy to the Serial3/0 folder.

Step 4
Save your definitions and policies to the database.

a. Click the Save button, or select File>Save, to save your policy changes.

Because this is the first time you have saved the database, QPM-PRO opens the Save Database window and you are prompted to name it.

b. For this example, type Tutorial in the Database Name field.

c. Enter a description of the database in the Database Description field, for example, enter Sample tutorial network.

d. Click OK to save the database.

Distributing Policies to the Network

After you have saved your policies in the QoS database, they must be distributed to the network before they will be implemented.

Note If you are working with the examples provided in the tutorial and the device is not in your network, you will not be able to deploy your policies.

Procedure

Step 1
In the Policy Manager, click the Distribution Manager button, or select Tools>Distribution Manager, to start Distribution Manager.

Step 2 In Distribution Manager, select Devices>Create Job to create a distribution job from the Tutorial database.

QPM-PRO opens the Create Job window.

Step 3 Select the Tutorial database and click OK.

QPM-PRO creates a distribution job based on the policy definitions in the selected database. The job consists of the commands required to reconfigure the devices to implement your policies. Only the changes made since you last distributed the database are included in the job.

Step 4 Select the job you just created in the tree view.

When you select the job, QPM-PRO displays the contents of the job in the list view. The list view shows the devices whose configurations will be changed by the job. If you double-click the device name in the list view, QPM-PRO displays the commands that will be sent to the device when you apply the job (the device must be available on the network).

Figure 3-18 shows the job selected in the Distribution Manager window.

Figure 3-18: Lesson 1—Job Selected in Distribution Manager

Step 5
Click the Apply Job button, or select Devices>Apply.

QPM-PRO starts applying the changes defined in the job to the network devices. You can view the job results in the logs displayed in the Log pane at the bottom of the window.

Lesson 2—Coloring Enterprise Resource Planning (ERP) Traffic on a Group of Devices

In this lesson, you will learn how to treat a set of device interfaces as a group, and create and deploy a simple coloring policy across the members of that group. The policy in this example will set the IP precedence for Enterprise Resource Planning (ERP) traffic that goes through routers R1 and R4 (see Figure 3-9 for the overall network diagram).

In order to make a meaningful policy, you must not only color the traffic on the incoming interfaces to these routers (the Ethernet2/0 interfaces, which connect the ERP server to R1 and R4), but you must choose a QoS property for the outbound Serial3/0 interfaces (Figure 3-19). You will implement weighted fair queuing (WFQ) on the outbound interfaces. This ensures that the colored traffic receives the appropriate percentage of overall bandwidth.

Figure 3-19: Lesson 2—Coloring and Queuing Packets on Routers R1 and R4

In this lesson you will learn the following:

Before You Begin

If you want to create a policy and deploy it on a device that exists in your network, obtain the IP address of an appropriate device. Otherwise, you can use the IP addresses in this lesson so that you can follow these steps without affecting your network.

This lesson assumes that you have completed the steps in Lesson 1Creating and Distributing a Simple Policy for Managing Web Traffic on One Router.

Creating Device Groups

Device groups allow you to treat selected interfaces or subinterfaces as a single unit, so that you can easily apply common policies or QoS settings to the group.

This topic describes how to add a router (router R1) and create two device groups, one combining the inbound interfaces of routers R1 and R4, and the other combining the outbound interfaces of the routers.

Procedure

Step 1 Add router R1 to the QoS database.

a. In the Policy Manager, select Devices>Device>New.

QPM-PRO opens the New Device window.

b. Enter information in the New Device window. At minimum, you must supply the following information.

IP Address—The IP address for the device.
Community—The SNMP read community string for the device.
Password—The password required for Telnet access to the device.
Enable Password—The password required to enter enable mode on the device.

In this example, router R1 is 10.2.2.2, the community string is public, and both passwords are test.

Step 2 Add the device's interfaces.

a. If the device is online:

Ensure that the Verify Device Information and Detect Interfaces check boxes are selected and click OK.

: QPM-PRO queries the device, fills in the Device Model and Software Version fields, and obtains a list of the device's interfaces.
: QPM-PRO opens the Detect Interfaces window when it has a complete list of interfaces.

In the Detect Interfaces window, ensure that the interfaces you want to manage are in the selected interfaces list, and move any you do not want to manage to the available interfaces list.
Click OK when finished.

: QPM-PRO creates a folder for the router R1 in the tree view using the IP address of the router. The router's interfaces are included as members of this folder.

b. If the device is not online, add the interfaces manually:

Deselect the Verify Device Information and Detect Interfaces check boxes, so that QPM-PRO does not try to query the device.
Click Define Interface. QPM-PRO opens the New Interface window. Enter the details for the Ethernet2/0 interface (see Table 3-6 for this information).
Click OK in the New Interface window.
Repeat this procedure for the Serial3/0 interface.
Click OK in the New Device window to return to the tree view.

Step 3 Create a device group for the Serial3/0 interfaces on routers R1 and R4, and set the QoS property for the device group to WFQ.

a. Select Devices>Device Group>New, or select the DeviceGroups folder in the tree view, right-click, and select New Device Group.

QPM-PRO opens the Device Group window.

b. In the Device Group window, enter the following information:

Name—A meaningful name. In this example, use EdgeGroupOutbound.
Device Model—IOS Family. This indicates that the group can contain any device running IOS software.
Software Version—12.0. You can only group interfaces that use the same version (or a compatible one) of IOS software, because different versions support different QoS capabilities.
Interface Type—Any.
Card Type—Non-VIP.
Group Contains—Interfaces.
QoS Property—WFQ.

c. Click Add/Remove in the Group Members area.

QPM-PRO opens the Add/Remove Group Members window.

d. In the Add/Remove Group Members window, open the trees for each device, select the Serial3/0 interfaces for each device in turn and click >> to add each interface to the group (Figure 3-20).

Figure 3-20: Lesson 2—Group Members for EdgeGroupOutbound

e. Click OK when finished.

Figure 3-21 shows the Device Group window after you have added the Serial3/0 interfaces as group members.

Figure 3-21: Lesson 2—Completed Device Group Window for EdgeGroupOutbound

f. Click OK in the Device Group window.

QPM-PRO asks you to confirm that you want the group properties to override the properties already defined on R4's Serial3/0 interface (properties created in Lesson 1Creating and Distributing a Simple Policy for Managing Web Traffic on One Router). Click Yes.

QPM-PRO creates the group and adds it to the DeviceGroups folder in the tree view.

Step 4 Create a device group for the Ethernet2/0 interfaces on routers R1 and R4.

a. Select Devices>Device Group>New, or select the DeviceGroups folder in the tree view, right-click, and select New Device Group.

QPM-PRO opens the Device Group window.

b. In the Device Group window, enter the following information:

Name—A meaningful name. In this example, use EdgeGroupInbound.
Device Model—IOS Family.
Software Version—12.0.
Interfaces—Any.
Card Type—Non-VIP.
Group Contains—Interfaces.
QoS Property—Defined by Interface.

c. Click Add/Remove in the Group Members group.

QPM-PRO opens the Add/Remove Group Members window.

d. In the Add/Remove Group Members window, open the trees for each device, select the Ethernet2/0 interfaces for each device in turn and click >> to add each interface to the group.

e. Click OK when finished.

QPM-PRO adds the interfaces to the Group Members list in the Device Group window.

f. Click OK in the Device Group window.

Figure 3-22 shows the tree view with the completed device group entries.

Figure 3-22: Lesson 3—DeviceGroups Folder with New Device Groups

Creating a Policy on a Device Group

A policy that is created on a device group is applied to all the interfaces belonging to the group. This avoids the need to create individual policies for each interface.

In this lesson, you will create a policy on the EdgeGroupInbound group to color ERP traffic.

Step 1 Create the policy.

a. Select the EdgeGroupInbound group in the tree pane.

b.
Click the New QoS Policy button, or select File>New>Policy.

QPM-PRO opens the Properties of Policy window.

c. In the General Properties page, change the name of the policy and add a meaningful comment. For this policy, use "ERPTraffic" and "Color ERP traffic for the HR, Finance, and Sales organizations."

d. Click Next to open the Direction Properties page.

Select the In direction to indicate that the policy is for inbound traffic.

Step 2 Define the policy's filter.

a. Click Next to open the Filter Properties page.

Because the ERP server in this example is dedicated to the ERP applications, as is typically the case, you color all traffic from the server. If other applications were on the same server as the ERP application, you would also use a port filter.

b. Select the following values in the same row:

Make sure that the check box in the Deny field is blank.
Protocol—TCP.
Sender (Host Name)—ERPServer.

Step 3 Define the policy's coloring action.

a. Click Next to open the Coloring page.

b. Select the Coloring Properties check box. The fields for the coloring properties become active.

c. Select flash-override (4) in the Precedence field to give a higher priority to the traffic that satisfies the policy's filter.

d. Click Finish to save the policy.

QPM-PRO adds the policy to the EdgeGroupInbound folder.

Step 4
Click the Save button, or select File>Save, to save the policy in the database. Because you used a host name for the ERP server, QPM-PRO asks if you would like the host name resolved to its IP address. Policies can be distributed to the device only if the host names are converted to IP addresses. Click Yes to have QPM-PRO resolve the host name. (Click No if you are following along in this lesson without using actual host names that exist in your network.)

Step 5 Distribute the policy to the network, following the procedure described in Distributing Policies to the Network.

Lesson 3—Limiting the Bandwidth Available to FTP Traffic on a Switch

In this lesson, you will learn how to limit the bandwidth that is available to a specific application. The policy in this example will limit FTP traffic passing through switch S1 to a specified bandwidth (see Figure 3-9 for the overall network diagram). FTP traffic that exceeds this bandwidth will be discarded. The purpose of this policy is to prevent FTP traffic from flooding the network and thus reducing the performance of the more important applications on the network.

You will define an application service alias for FTP traffic from the central site, and use the alias to set the limit for FTP traffic to 1024 Kbps (Figure 3-23).

Figure 3-23: Limiting the Bandwidth for FTP Traffic on Routers R1 and R4

In this lesson you will learn the following:

Before You Begin

In order to create and deploy the policy in this lesson, you must have a switch configured with a VLAN in your network. If you have one, use its IP address for the example.

Otherwise, you can use the example IP addresses and values provided in this lesson, so that you can follow the steps without affecting your network.

This lesson assumes that you have completed the steps in the previous lessons.

Adding a Switch and Its Interfaces to the Database

Since you will be defining a limiting policy on the S1 switch, you first need to add the switch and its interfaces to the database. Switch S1 is a Cat6000 switch running CatOS version 5.5.

In this example, a VLAN has been configured on switch S1. The VLAN includes several of the switch's interfaces. The limiting policy will be defined on this VLAN, therefore, you do not have to define the policy on each interface individually. However, in order to ensure that the policy is applied to all the interfaces that belong to the VLAN, you must add each interface to the database and define the QoS style as VLAN-based (as opposed to port-based).

Procedure

Step 1 Add the switch S1 and its interfaces to the QoS database.

a. In the Policy Manager, select Devices>Device>New.

QPM-PRO opens the New Device window.

b. Fill in the New Device window. At minimum, you must supply this information.

Device Name—The host name or IP address for the device.
Community—The SNMP read community string for the device.
Password—The password required for Telnet access to the device.
Enable Password—The password required to enter enable mode on the device.

In this example, switch S1 is 10.6.6.6, the community string is public, and both passwords are test.

Step 2 Add the device's interfaces.

a. If the device is online:

Ensure that the Verify Device Information and Detect Interfaces check boxes are selected and click OK.

: QPM-PRO queries the device, fills in the Device Model and Software Version fields, and obtains a list of the device's interfaces.
: QPM-PRO opens the Detect Interfaces window when it has a complete list of interfaces.

In the Detect Interfaces window, ensure that the interfaces you want to manage are in the selected interfaces list, and move any you do not want to manage to the available interfaces list.

Note Make sure that the VLAN and any of its interfaces to which you want the policy to apply, are in the selected interfaces list.

Click OK when finished.

: Figure 3-24 shows the completed New Device window.
: QPM-PRO creates a folder for the switch in the tree view using the IP address of the switch. The switch's interfaces are included as members of this folder.

Figure 3-24: Lesson 3—Switch Properties

Make sure that the QoS style of the interfaces belonging to the VLAN is VLAN-based. Right-click on each interface in the tree view pane and select Interface Properties. In the Properties of Interface window, select VLAN Based in the QoS Style field (Figure 3-25

Figure 3-25: Lesson 3—VLAN Based QoS Style

b. If the device is not online, add the interfaces manually:

Deselect the Verify Device Information and Detect Interfaces check boxes, so that QPM-PRO does not try to query the device.
Click Define Interface.

: QPM-PRO opens the New Interface window.

Enter the following details for VLAN20, since you will be defining a policy on this VLAN.

: IP Address—10.10.1.2
: Mask—255.255.0.0
: Type—propVirtual
: Click OK when finished.

For example purposes, assume that VLAN20 includes three interfaces (Ethernet2/0, Ethernet2/1 and Ethernet2/2), and define these interfaces in the database, following the procedure above. Choose fictitious IP addresses for these interfaces, and select VLAN Based in the QoS Style field.
Click OK in the New Device window to return to the tree view.

Creating an Application Service Alias

An application service alias can be defined when you want to identify a particular type of network traffic source from a host or subnet. You can use application service aliases to simplify the writing of your policies, because you can write a policy for the application service instead of one for each host.

In this example, you will create an application service alias for FTP traffic. The filter in your limiting policy will be based on this application alias.

Procedure

Step 1 Create an application service alias for FTP traffic.

a.
Click the Application Services button, or select Tools>Application Services.

QPM-PRO opens the Application Services window.

b. Click Add in the Application Services window.

QPM-PRO opens the Application Service window.

c. In the Application Service window, fill in the required information to identify the source of the FTP traffic, and to give the application service alias a name.

In this example, you will identify the FTP traffic by using the following attributes (Figure 3-26):

Name—Central Services FTP Server
Protocol—TCP
Host—10.1.214.113
Port—20-21 (the ftp-data and ftp ports)

Click OK when finished to return to the Application Services window.

Figure 3-26: Lesson 3—Creating an Application Service Alias for FTP Traffic

d. Click OK in the Application Services window.

Creating a Limiting Policy on the Switch

This topic shows how to create a policy on VLAN20 on switch S1 to limit the bandwidth available to FTP traffic.

Procedure

Step 1 Create the policy.

a. Select VLAN20 in the tree view.

b.
Click the New QoS Policy button, or select File>New>Policy, or right-click in the policy list view and select New QoS Policy.

QPM-PRO opens the Properties of Policy window.

c. In the General Properties page, change the name of the policy and add a meaningful comment. For this policy, use "FTP Traffic" and "Limit bandwidth for FTP traffic."

d. Click Next to open the Direction Properties page.

e. Select the In direction to indicate that the policy is for inbound traffic.

Step 2 Define the policy's filter. The aim is to identify all FTP traffic coming from the Central Services FTP Server.

a. Click Next to open the Filter Properties page.

b. In the filters list, click in the Sender field and select the type of sender, as follows:

Type—Is App. Service.
App. Service—Central Services FTP Server.

c. Click OK.

Step 3 Define the policy's limiting action, which limits the bandwidth available to the specified application.

a. Click on Limiting on the left side of the Properties of Policy window to open the Limiting Properties page, or click Next until you reach this page.

b. Select the Limiting Properties check box.

The limiting properties fields are enabled.

c. Define the following limiting properties to specify a maximum rate for the traffic and to remove IP precedence from traffic that exceeds this rate:

Limiting Type—Aggregate.
Rate—The target average rate for the specified traffic, in kilobits per second. For this example, enter 1024.
Burst Size—The maximum size (in kilobytes) that a burst can be before some traffic is marked as exceeding the rate limit. For this example, enter 960.
Limiting Mechanism—Select Precedence.
Precedence—Select None.

Figure 3-27 shows the Limiting Properties page after you have defined all the properties.

d. Click Finish to save the policy.

Figure 3-27: Lesson 3—Limiting Properties

Step 4
Click the Save button, or select File>Save, to save the policy in the database.

Verifying Device Configuration and Distributing to the Network

QPM-PRO enables you to verify whether the configuration of the devices in your network is different to what was defined for the devices in your QPM-PRO database. You can use this feature to check if any changes have been made to any of your network devices.

After this validation process, you can distribute policies to the network as usual.

Procedure

Step 1 Create a job in Distribution Manager.

a.
Click the Distribution Manager button, or select Tools>Distribution Manager, to start Distribution Manager.

b. In Distribution Manager, select Devices>Create Job to create a distribution job from the Tutorial database. QPM-PRO opens the Create Job window.

c. Select the Tutorial database and click OK. QPM-PRO creates a distribution job based on the policy definitions in the selected database. The job consists of the commands required to reconfigure the devices to implement your policies. Only the changes made since you last distributed the database are included in the job.

Step 2 Check the device configuration.

a. Select the job you just created in the tree view.

When you select the job, QPM-PRO displays the contents of the job in the list view, which shows the devices whose configurations will be changed by the job. If you double-click the device name in the list view, QPM-PRO displays the commands that will be sent to the device when you apply the job (the device must be available on the network).

b.
Click the Verify Device Configuration button, or select Devices>Verify Device Configuration.

QPM-PRO starts checking the configuration of the devices in the job. The result of this validation process appears in the Status column and can be either Matched or Mismatched. Details can be viewed in the log in the lower section of the Distribution Manager window.

Step 3 Apply the job.

a.
Click the Apply button, or select Devices>Apply. QPM-PRO starts applying the changes defined in the job to the network devices. You can view the results of the jobs in the logs displayed in the bottom pane of Distribution Manager.

Lesson 4—Updating the Database after Software Upgrades

In this lesson, you will learn how to update the QoS database to recognize that you have upgraded the software on a device.

QPM-PRO uses the device IOS version number to load device capabilities to the database. All sub-versions of a certain version are mapped to the major version, unless QPM-PRO explicitly supports the minor version. New minor versions are mapped to the last supported minor version. For example, version 12.1(5)T would be mapped to version 12.1(2)T. QPM-PRO provides you with the option of manually changing the mapped version number if you require the QoS features of a different version.

In most cases, your QoS configuration and policies remain unchanged after a software upgrade. However, in certain cases, QPM-PRO changes the implementation of policies to take advantage of the features of a new software release (without changing the meaning of your policies). Table 3-7 explains the changes that are made for some software upgrades.

Table 3-7: QPM-PRO Policy Conversions During IOS Software Upgrade

IOS Software Upgrade	Policy Conversion
11.1cc to 11.2 or 11.3	Converts coloring policies from CAR to policy based routing (PBR).
11.2 or 11.3 to 12.0	Converts coloring policies from PBR to CAR.
12.0 to 12.0(5)T on a 2500 router	Converts coloring policies from PBR to CAR.

Upgrading the device software does not affect any device groups to which the device's interfaces belong. You must recreate the device groups if you want them to be restricted to the updated software version.

In this lesson, you will learn the following:

Before You Begin

This lesson assumes that you have completed the steps in the previous lessons.

Updating the QoS Database with New Software Version Information

For the purpose of this lesson, assume that you have upgraded the IOS software version on routers R1 and R4 from version 12.0 to version 12.1(2)E.

Procedure

Step 1 Start QPM-PRO and open the Tutorial database.

Step 2 Change the device properties for router R1:

a. Select router R2 (10.2.2.2) and select Devices>Device>Properties.

QPM-PRO opens the Device Properties window.

b. Click the Verify Device Info button.

QPM-PRO queries the router and updates the software version number and device model, and makes policy conversions if required.

(If you are not using a real device, instead of clicking Verify Device Info, select 12.1(2)E in the Mapped Software Version field.)

Note The detected software version is displayed in the Software Version field. If this version is not supported, QPM-PRO maps to the most recent, most similar supported version, which is displayed in the Mapped Software Version field. You can manually select a different software version in this field if you require its specific capabilities.

c. Click OK to save the changes to the device configuration. QPM-PRO informs you if there are any conflicts between the QoS configuration and policies defined on the device's interfaces and the new software version. You must resolve the conflicts before you can complete the changes to the device properties.

Step 3 Use the same procedure to change the software version for router R4 (10.4.4.4) to 12.1(2)E.

Recreating Device Groups for the New Software Version

At this point, you have updated the software versions on the devices. However, this change has not affected the definitions of the EdgeGroupInbound and EdgeGroupOutbound device groups, even though these device groups contain only members from the R1 and R4 routers. To take advantage of IOS software version 12.1(2)E QoS features, you must recreate these device groups as IOS software version 12.1(2)E device groups.

To avoid having to recreate the existing policies in the device groups, you can copy them over to a new device group, then delete the old device group, and then rename the new device group.

Procedure

Step 1 Create a new device group with software version 12.1(2)E:

a. Select Devices>Device Group>New to create a new device group.

QPM-PRO opens the Device Group window.

b. Enter a temporary name for the device group (egi) in the Name field, and select 12.1(2)E in the Software Version field (Figure 3-28).

c. Click OK when finished.

QPM-PRO creates the egi device group.

Figure 3-28: Lesson 4—Creating a Device Group With a New Software Version

Step 2 Copy the ERPTraffic policy from the EdgeGroupInbound device group to the new device group:

a. Select the EdgeGroupInbound device group in the tree view pane.

b. Right-click on the ERPTraffic policy in the list pane and select Copy. This copies the policy to the Windows clipboard.

c. Select the egi device group in the tree view pane.

d. Right-click in the list pane, and select Paste. This pastes a copy of the ERPTraffic policy to the device group.

Figure 3-29: Lesson 4—Copying a Policy From One Device Group to Another

e. Double-click the Copy of ERPTraffic policy in the list pane.

QPM-PRO opens the policy in the Properties of Policy dialog.

f. Change the name of the policy from "Copy of ERPTraffic" to "ERPTraffic" and click Finish.

QPM-PRO changes the name of the policy.

Step 3 Remove the devices from the EdgeGroupInbound device group and delete the device group.

a. Select the EdgeGroupInbound device group and select Devices>Device Group>Add/Remove Members.

QPM-PRO opens the Add/Remove Members window.

b. Expand the tree for each group member and note which interfaces belong to the group.

c. Select each group member and click << to remove it from the group.

d. Click OK when finished.

Because there are policies defined on the group, QPM-PRO asks if you want the policies copied to the interfaces you are removing from the group. Click No All, because when you are finished, these policies will again be defined for the interfaces on a device group.

QPM-PRO removes the members from the group. EdgeGroupInbound should now have no members.

e. Select the EdgeGroupInbound device group and select Devices>Device Group>Delete.

QPM-PRO asks you to confirm that you want to delete the device group and the policies it contains. Click Yes. QPM-PRO deletes the device group.

Step 4 Add devices to the new egi device group and rename the device group.

a. Select the egi device group and select Devices>Device Group>Add/Remove Members.

QPM-PRO opens the Add/Remove Members window.

b. Select the interfaces you removed from EdgeGroupInbound (10.2.2.2\Ethernet2/0 and 10.4.4.4\Ethernet2/0) and click >> to add them to the group.

c. Click OK when finished.

QPM-PRO adds the members to the group. The egi group should now have the same membership as the original EdgeGroupInbound device group.

d. Select the egi device group and select Devices>Device Group>Properties.

QPM-PRO opens the Device Group window.

e. Change the name of the egi group to EdgeGroupInbound and click OK.

Step 5 Change the EdgeGroupOutbound device group to an IOS software version 12.1(2)E device group. Since there are no policies defined on this device group, you only need to remove the members from the device group, change the software version and then add the members back into the device group.

a. Select the EdgeGroupOutbound device group in the tree view pane and select Devices>Device Group>Add/Remove Members.

QPM-PRO opens the Add/Remove Members window.

b. Expand the tree for each group member and note which interfaces belong to the group.

c. Select each group member and click << to remove it from the group.

d. Click OK when finished.

QPM-PRO informs you that it will change the QoS property for member interfaces to WFQ (because that is the QoS property defined for the group).

e. Click Yes.

f. Right-click on the EdgeGroupOutbound device group in the tree view pane and select Device Group Properties.

QPM-PRO opens the Device Group window.

g. Select 12.1(2)E in the Software Version field and click OK.

h. Select Devices>Device Groups>Add\Remove Members.

QPM-PRO opens the Add/Remove Members window.

i. Add the interfaces you removed from the device group (the Serial3/0 interfaces of routers R1 and R4) back into the group, by selecting each one and clicking >> to add it to the group.

j. Click OK when finished.

QPM-PRO informs you that the QoS property defined for the group will override the one defined on the interface, and asks you to confirm that you want to add the interface to the group.

k. Click Yes.

QPM-PRO adds the members to the group.

Step 6
Click the Save button, or select File>Save, to save your changes.

Step 7 Distribute your policy to the network, following the procedure described in Distributing Policies to the Network.

Lesson 5—Using NBAR and Creating Multiple Action Policies

In this lesson you will learn how to create a multiple-action policy to police and color specific traffic generated from a network-based application, using Network Based Application Recognition (NBAR) to identify the application. Refer to Using Network Based Application Recognition (NBAR) with CBWFQ.

The policy will apply the following actions to MIME type web traffic, specifically JPEG files, passing from a specific host through router R4 and out to the WAN (see Figure 3-9 for the overall network diagram):

Queuing—Ensures that the specified traffic receives a minimum percentage of the total bandwidth during times of congestion.
Limiting—Discards traffic that exceeds a specific rate, ensuring that the traffic does not use more than its defined minimum bandwidth.
Coloring—Gives high IP precedence to the specified web traffic.

QPM-PRO uses modular CLI to implement this policy. Modular CLI separates traffic into classes and defines properties for each class.

Note The policy in this lesson can be created only if your IOS software version supports modular CLI and NBAR.

In order to enable the options that will allow you to define the example policy, you will choose Class Based QoS in the QoS Property field for the outbound (Serial3/0) interface on router R4.

In this lesson you will learn the following:

Before You Begin

This lesson assumes that you have completed the steps in the previous lessons.

If you are using actual devices in your network, make sure that the IOS version is 12.1(2)E or above.

Changing the QoS Property on an Interface

The first step in this lesson is to define the QoS property on Serial3/0 on router R4 as Class Based QoS. This will enable you to use NBAR properties as a filter during policy definition.

Before you can do this, you need to remove the outbound interface (Serial3/0 on router R4 from the device group to which it belongs (EdgeGroupOutbound), so that you can change its QoS property.

Procedure

Step 1 Remove R4's S3/0 interface from the EdgeGroupOutbound device group.

a. Select the EdgeGroupOutbound device group in the tree view.

b. Select Devices>Device Group>Add/Remove Members or right-click on the EdgeGroupOutbound device group in the tree view and select Add/Remove Members.

QPM-PRO opens the Add/Remove Members window.

c. In the Add/Remove Members window, in the Group Members list, select router R4 (10.4.4.4) and click << to remove the device from the group (Figure 3-30). Click OK when finished.

Figure 3-30: Lesson 5—Removing a Device from a Device Group

d. QPM warns you that the removed Serial3/0 interface will retain the QoS property defined for the group (WFQ) and requests confirmation of the removal. Click Yes.

The EdgeGroupOutbound device group now contains one device only (R1).

Step 2 Change the QoS property on the outbound interface (Serial3/0 on router R4) to Class Based QoS.

a. In the tree view, open the tree for router R4 (10.4.4.4).

b. Right click Serial3/0 and select Interface Properties.

QPM-PRO opens the Properties of Interface window.

c. Select Class Based QoS in the QoS Property field.

d. Click OK.

Creating a Multiple-Action Policy with NBAR Filtering

QPM-PRO provides the capability to create multiple-action policies, if the IOS software version running on your device supports modular CLI. For this example, you will create a policy on the outbound interface (Serial3/0 on router R4) that performs three actions on the traffic that matches the filter (web traffic of MIME type from www.cisco.com):

Queuing—creates a queue for the specified class of traffic, which is ensured a minimum percentage of the total bandwidth.
Limiting—defines an upper limit for the bandwidth allocated to the traffic and lowers the precedence of traffic that exceeds this limit.
Coloring—assigns high IP precedence to the specified traffic.

Procedure

Step 1 Create the policy.

a. Select router R4's Serial3/0 interface in the tree view.

b.
Click the New QoS Policy button, or select File>New>Policy or right-click in the policy list view and select New QoS Policy.

QPM-PRO opens the Properties of Policy window, in which you will create the policy.

c. In the General Properties page, change the name of the policy and add a meaningful comment. For this policy, use "Multiple Action" and "Manage critical web traffic."

d. Click Next to open the Direction Properties page.

Select the Out direction to indicate that the policy is for outbound traffic.

Step 2 Define the policy's filter.

a. Click Next to open the Filter Properties page.

b. Click the NBAR Properties tab, since the traffic identification for this policy is via NBAR (Figure 3-31).

Figure 3-31: Lesson 5—NBAR Properties for Filter

c. Click Add.

d. The NBAR Properties window is displayed.

e. Supply the following information in the NBAR properties window to identify web traffic originating from the Cisco Systems host (Figure 3-32):

Protocol—Http
Parameter—Host
Value—www.cisco.com

Click OK.

Figure 3-32: Lesson 5—Defining NBAR Properties

f. Click Add and add a second row of NBAR properties, as follows:

Protocol—http
Parameter—mime
Value—jpg

Click OK.

The NBAR Properties tab now shows the two filters you defined (Figure 3-33). By default, the Match ALL NBAR rows AND ANY filter row radio button is selected, therefore, packets must match both filters in order for the defined action to be carried out.

Figure 3-33: Lesson 5—Defined NBAR Properties

Step 3 Define the policy's queuing action, which ensures that the specified traffic receives a minimum percentage of the total bandwidth during times of congestion.

a. Click Next to open the Queuing Properties page.

b. Select the Queuing Properties check box.

The queuing properties fields are enabled.

c. Type 20 in the Bandwidth field to ensure that the specified traffic receives a minimum of 20% of the total bandwidth when the line is congested (Figure 3-34).

Figure 3-34: Lesson 5—Queuing Properties

Step 4 Define the policy's coloring action, which provides the specified traffic with high IP precedence.

a. Click Next to open the Coloring Properties page.

b. Select the Coloring Properties check box. The fields for the coloring properties become active.

c. Select flash-override(4) in the Precedence field to give high priority to the traffic that matches the defined NBAR properties.

Step 5 Define the policy's limiting action, which lowers the priority of the traffic if it exceeds a specific rate. This ensures that the specified traffic does not use more than its defined minimum bandwidth.

a. Click Next to open the Limiting Properties page.

b. Select the Limiting Properties check box.

The limiting properties fields are enabled.

c. Define the following limiting properties:

Rate—the target average rate for the specified traffic, in kilobits per second. For this example, enter 2000.
Burst Size—The maximum size (in kilobytes) that a burst can be before some traffic is marked as exceeding the rate limit. For this example, enter 1000.
Exceed Burst Size—The maximum size (in kilobytes) that the burst can be before all traffic is marked as exceeding the rate limit. For this example, enter 1500.
Coloring Mechanism—Select Precedence.
Conform Priority—The IP precedence to be applied to traffic that conforms to the specified rate. Select flash-override(4).
Exceed Priority—The IP precedence to be applied to traffic that exceeds the specified rate. Select None to remove all IP precedence from traffic that exceeds the rate.

Figure 3-35 shows the Limiting Properties page after you have defined all the properties.

d. Click Finish to save the policy.

Figure 3-35: Lesson 5—Limiting Properties

Step 6
Click the Save button, or select File>Save, to save the policy in the database.

Step 7 Distribute your policy to the network, as described in Distributing Policies to the Network.

Lesson 6—Providing QoS for Voice Over IP

In this lesson, you will learn how to enable QoS features on router interfaces and create policies that will provide the highest priority for delay and jitter sensitive, real-time Voice over IP (VoIP) traffic.

To achieve this, you will define the following QoS features on the router interfaces:

Frame Relay Traffic Shaping (FRTS)—Minimizes packet loss by throttling back packets as they are forwarded into the Frame Relay cloud, based on congestion indicators.
Compressed RTP (CRTP)—Reduces unnecessary bandwidth consumption by compressing header size from 40 bytes to 5 bytes. The benefits of using cRTP for voice are apparent when considering that the payload for a VoIP packet is only 20 bytes.
Frame Relay Fragmentation (FRF.12)—Ensures that voice packets are not blocked behind large data packets (such as file transfers) by fragmenting these large packets and interleaving voice packets between the fragments.

In addition, you will create a policy that specifies that VoIP traffic be placed in a priority queue for priority treatment with a minimum bandwidth allocation. The following queuing mechanism is used:

Low Latency Queuing (LLQ)—Allows delay-sensitive data such as voice to be de-queued and sent first (before packets in other queues are de-queued), giving delay-sensitive data preferential treatment over other traffic. The relatively small size of voice packets makes it possible to use a strict priority queue for voice without degrading network quality for the remaining traffic.

Understanding the Example Network Scenario for VoIP

The VoIP scenario includes the following components (Figure 3-36):

The campus site includes a PBX that sends voice data to a Cisco 3600 router running IOS version 12.1(2)T. The router converts the analog or digital data into IP packets for transmission over a Frame Relay network to the remote site, thus acting as a voice gateway.

: Router R5's inbound interface (FXO VIC 1/0/0) is a voice dedicated interface. Its outbound interface (S1/0) is a serial interface with Frame Relay encapsulation. All QoS features and policies are defined on this outbound interface.

The remote site includes several IP phones on a LAN, connected via a Cat6K switch (Switch S2) to router R6, which is also a Cisco 3600 router. IP packets from the IP phones enter the switch via a VLAN that has been configured on the switch. In this lesson, you will define 1P2Q2T queuing on Switch S2's VLAN, thus creating an IP precedence sensitive priority queue for VoIP traffic coming from the IP phones. You will then define a policy on the VLAN to color VoIP traffic with IP precedence 5, so that it will automatically be placed in the priority queue.

: In addition, you will provide VoIP traffic passing through router R5 on the campus site and router R6 on the remote site, with quality of service and highest priority. You will do this by defining QoS features on the outbound interfaces of both routers, as well as creating a policy to define a priority queue with a minimum bandwidth allocation for the VoIP traffic. You will include the outbound interfaces in a device group so that you can apply the QoS features and the policy to both interfaces at the same time.

Figure 3-36: Lesson 7—Configuring QoS for VoIP traffic

In this lesson you will learn the following:

Before You Begin

This lesson assumes that you have completed the steps in the previous lessons.

Adding Devices and Interfaces to the Database

The first step in this lesson is to add routers R5 and R6 and their interfaces, and switch S2 and its interfaces, to the database.

Procedure

Step 1 Add router R5 to the database.

a. In the Policy Manager, select Devices>Device>New or right-click in the tree view and select New Device.

QPM-PRO opens the New Device window.

b. Fill in the New Device window. At minimum, you must supply this information.

Device Name—The host name or IP address for the device.
Community—The SNMP read community string for the device.
Password—The password required for Telnet access to the device.
Enable Password—The password required to enter enable mode on the device.

In this example, router R5 is 172.1.1.1, the community string is public, and both passwords are test (Figure 3-11).

Step 2 Add the device's interfaces.

a. If the device is online:

Ensure that the Verify Device Information and Detect Interfaces check boxes are selected and click OK.

: QPM-PRO queries the device, fills in the Device Model and Software Version fields, and obtains a list of the device's interfaces.
: QPM-PRO opens the Detect Interfaces window when it has a complete list of interfaces.

In the Detect Interfaces window, ensure that the interfaces you want to manage are in the selected interfaces list, and move any you do not want to manage to the available interfaces list. In this lesson, you are only going to manage Serial1/0.
Click OK when finished.

: Figure 3-37 shows the completed New Device window.
: QPM-PRO creates a folder for the router in the tree view using the IP address of the router. The router's interfaces are included as members of this folder.

Figure 3-37: Lesson 6—Adding a New Device

b. If the device is not online (for example, if you are using the IP addresses used in this lesson instead of addresses for devices on your network):

Fill in the Software Version and Device Model fields manually. In this example, router R5 is a Cisco 3600 running IOS software release 12.1(2)T.

Deselect the Verify Device Information and Detect Interfaces check boxes, so that QPM-PRO does not try to query the device.

Click Define Interface. QPM-PRO opens the New Interface window.

Enter the details for the Serial1/0 interface (see Table 3-6 for this information).
Click OK.

Figure 3-38 shows the tree view that now includes router R5.

Figure 3-38: Lesson 6—Router R5 and Interfaces in Tree View

Add router R6 and its E2/0 and S1/0 interfaces to the database, following the procedures in Steps 1 and 2 above.

Step 3 Add switch S2 to the database. If you are working offline, the example switch S2 has an IP address of 10.8.8.8, the community string is public, and both passwords are test.

Step 4 Add switch S2's interfaces to the database. See Adding a Switch and Its Interfaces to the Database, for procedures.

If you are working with an online device, add an Ethernet interface, a VLAN, and the VLAN ports for which you want to configure QoS, to the database.
If you are working offline, add switch S2's interfaces manually. Define an interface called VLAN20, as well as some fictitious ports belonging to VLAN 20. See Table 3-6 for details about VLAN20.

Note QPM-PRO supports both port-based and VLAN-based QoS. When working with VLANs, you must make sure that the physical interfaces on the VLAN to which you want your QoS definitions to apply, have VLAN-based QoS style defined. You can do this by accessing the properties of each interface and specifying VLAN Based in the QoS Style field.

Defining QoS Features on a Device Group

Since VoIP signals from both the campus site and the remote site require high priority and QoS, you will create a device group that includes the outbound interfaces of the edge router on both sides (routers R5 and R6). You will then define QoS features and policies on the device group. This precludes having to repeat the same procedure on each router individually.

You will define the QoS property, Class Based QoS, on the device group. This QoS property includes CBWFQ and enables you to define other QoS features on the device group for managing voice (and any other real-time traffic), including FRTS, cRTP and bandwidth for voice configuration.

Procedure

Step 1 Create the Device Group.

a. Select Devices>Device Group>New or right-click in the tree view pane and select New Device Group.

QPM-PRO opens the Device Group window.

b. In the Device Group window, enter the following information:

Name—A meaningful name. In this example, use VoiceGroup.
Device Model—3600.
Software Version—12.1(2)T. You can only group interfaces that use the same version (or a compatible one) of IOS software, because different versions support different QoS capabilities.
Interface Type—Frame Relay.
Card Type—Non-VIP.
Group Contains—Interfaces.
QoS Property—Class Based QoS.

Notice that when you select Class Based QoS, additional options are provided at the bottom of the window (Figure 3-39).

Figure 3-39: Lesson 6—QoS Options in Device Group Properties

c. Click Add/Remove in the Group Members area.

QPM-PRO opens the Add/Remove Group Members window.

d. In the Add/Remove Group Members window, select the serial interfaces for each device in turn and click >> to add each interface to the group.

Step 2 Define Frame Relay Traffic Shaping (FRTS) parameters (Figure 3-40).

a. Click the plus sign (+) next to Frame-Relay Traffic Shaping to display the fields for FRTS.

b. Select the Enable Frame-Relay Traffic Shaping check box.

c. Enter values for the FRTS parameters. For the example, enter the following values (in kilobits per second):

Rate—1545
Burst Size—1200
Exceed Burst Size—1500

Figure 3-40: Lesson 6—FRTS Options

Step 3 Enable IP RTP header compression to help reduce delay for VoIP traffic.

a. Click the plus sign (+) next to IP RTP Header Compression.

b. Select the Enable IP RTP Header Compression check box.

Step 4 Configure the bandwidth and fragmentation for Voice over Frame Relay (Figure 3-41).

a. Click the plus sign (+) next to Voice Configuration.

b. Select the Enable Voice Configuration check box.

c. Enter 50 in the Bandwidth field. This means that 50% of the total bandwidth on the interface will be reserved for VoIP traffic.

d. Enter 40 in the Fragment field. This means that when fragmenting data frames, the size of each fragment will be 40 Bytes.

Figure 3-41: Lesson 6—Voice Configuration Options

Creating a Policy to Define a Priority Queue for VoIP traffic

This topic describes how to create a policy that specifies a range of RTP ports whose traffic is guaranteed strict priority service over any other queues or classes using the same outbound interface. You will create the policy on the VoiceGroup device group you just created, so that it will be applied to the outbound interfaces of both R5 and R6.

Procedure

Step 1 Create the policy.

a. Select the VoiceGroup device group in the tree view pane.

b.
Click the New Policy button, or select File>New>Policy, or right-click in the policy list view and select New QoS Policy.

QPM-PRO opens the Properties of Policy window, in which you will create the policy.

c. In the General Properties page, change the name of the policy and add a meaningful comment. For this policy, use "VoicePriority" and "Define priority bandwidth allocation and coloring for voice traffic."

d. Click Next to open the Direction Properties page.

e. Select the Out direction to indicate that the policy is for outbound traffic.

Step 2 Define the policy's filter. Since VoIP traffic uses RTP ports, you will specify a range of ports as your filter.

a. Click Next to open the Filter Properties page.

b. Click on the IP RTP tab.

c. Select the Enable IP RTP check box.

d. Specify a port range of 16834 to 32767, which is the RTP port range (Figure 3-42).

Figure 3-42: Lesson 6—Filter using IP RTP port range

Step 3 Define the policy's queuing action, which creates a priority queue for the VoIP traffic, ensuring that it will be transmitted before any other queued traffic and that it will be given a minimum bandwidth allocation.

a. Click Next to open the Queuing Properties page.

b. Select the Queuing Properties check box.

The queuing properties fields are enabled.

c. Select the Priority check box.

d. Type 50 in the Bandwidth field to ensure that the VoIP traffic in the priority queue receives a minimum of 50% of the total bandwidth.VoIP traffic is guaranteed this bandwidth under worst-case congestion scenarios. If excess bandwidth is available, the priority class will be allowed to utilize the bandwidth. If no excess bandwidth is available, the priority traffic will be constrained to the configured rate via packet drops.

Step 4 Define the policy's coloring action, which gives high IP precedence to the VoIP traffic.

a. Click Next to open the Coloring Properties page.

b. Select the Coloring Properties check box.

The coloring properties fields are enabled.

c. Select Precedence in the Coloring Mechanism field and Critical(5) in the Precedence field.

d. Click Finish to save the policy.

Step 5
Click the Save button, or select File>Save, to save the policy in the database.

Step 6 Distribute your policy to the network, following the procedure described in Distributing Policies to the Network.

Creating a Priority Queue Reserved for IP Precedence 5 Traffic on the Switch

This topic describes how to specify that the strict priority queue provided by 1P2Q2T queuing on switch S2's VLAN, is reserved for traffic with IP Precedence 5. The next step will be to color VoIP traffic with IP Precedence 5 so that it will be placed in this priority queue.

Procedure

Step 1 Right-click on Switch S2 (10.8.8.8) in the tree view pane and select Device Properties.

QPM-PRO opens the Device Properties window.

Step 2 Click QoS Property.

QPM-PRO opens the Properties of CatOS Queuing window, with the 1P2Q2T tab displayed. The window contains a table in which you can map a specific IP precedence to a queue.

Step 3 In the table, select Critical (5) for Queue 3, which is the priority queue (Figure 3-43).

Step 4 Click OK.

Figure 3-43: Lesson 6—Mapping IP Precedence to the Priority Queue

Step 5 Click OK in the Device Properties window.

Creating a Policy on the Switch to Color VoIP Traffic

This topic describes how to create a policy on Switch S2's inbound VLAN20 to color VoIP traffic from the IP phones with high IP precedence.

Procedure

Step 1 Create the policy.

a. Select Switch S2's VLAN20 interface in the tree view.

b.
Click the New QoS Policy button, or select File>New>Policy.

QPM-PRO opens the Properties of Policy window, in which you will create the policy.

c. In the General Properties page, change the name of the policy and add a meaningful comment. For this policy, use "VoiceTraffic" and "Color voice traffic."

d. Click Next to open the Direction Properties page.

Select the In direction to indicate that the policy is for inbound traffic.

Step 2 Define the policy's filter.

a. Click Next to open the Filter Properties page.

b. In the filters list, specify the following values in the same row:

Protocol—UDP.
Sender Port—Click the dropdown arrow, select Port Range, then type 16384 in the From: field and 32767 in the To: field (Figure 3-44).

c. Click OK.

Figure 3-44: Lesson 6—Filter Properties of Coloring Policy

Step 3 Define the policy's coloring action.

a. Click Next to open the Coloring page.

b. Select the Coloring Properties check box. The fields for the coloring properties become active.

c. Select critical (5) in the Precedence field to give a highest priority to the traffic that satisfies the policy's filter.

d. Click Finish to save the policy.

Step 4
Save your definitions and policies to the database.

a. Click the Save button, or select File>Save, to save your policy changes.

Lesson 7—Configuring Frame Relay Traffic Shaping

In this lesson, you will learn how to configure Frame Relay traffic shaping (FRTS) on Cisco routers. FRTS is frequently used to throttle traffic to the rate agreed upon with your WAN service provider, particularly if the destination link is running at a lower bandwidth than the source link.

For example, you might have a T1 line running at 1544 Kbps, but your service provider is committing to provide only 512 Kbps, and the destination of your traffic is a link running lower bandwidth than 1544 Kbps. By throttling the traffic rate at the source, you ensure that the traffic does not overwhelm the WAN link, resulting in dropped packets and increased delay. With FRTS, you can control the rate and smooth the traffic flow.

This example uses a different network setup than used in previous lessons. Figure 3-45 shows three routers connected over a Frame Relay cloud. All links are T1 Frame Relay lines. The Main router uses subinterfaces to enable routing between the two remote offices, Remote1 and Remote2. Most WAN traffic originates from the main office, so you will implement FRTS on the subinterfaces on the Main router. The service provider has committed to 512 Kbps for the Main-Remote1 link, and 256 Kbps for the Main-Remote2 link. There is no rate commitment for the interfaces on the remote links.

Figure 3-45: Implementing FRTS to Control WAN Traffic Rates

In this lesson, you will learn the following:

Implementing FRTS on Frame Relay interfaces and subinterfaces

Before You Begin

This lesson assumes that you have completed the steps in Lesson 6Providing QoS for Voice Over IP. Although you will not use the same network setup, you should already be familiar with adding devices and interfaces to the QoS database.

Procedure

Step 1 Add the Main router to the database, using 10.10.10.11 for the device name. See Lesson 1Creating and Distributing a Simple Policy for Managing Web Traffic on One Router, for the steps for adding devices to the databases, if you are not familiar with the procedure.

Table 3-8 lists the device details for this example. Because Remote1 and Remote2 links do not have a committed information rate, you are not enabling FRTS or other QoS capabilities on these routers in this example. Therefore, you only need to add Main, its Serial3/0 interface, and its subinterfaces to the database.

Table 3-8: Technical Network Details for FRTS Lesson

Name	Device Model	Software Version	Interfaces	IP Address	Mask
Main	7200	12.1	Serial3/0 T1 line at 1544 Kbit/second (Frame Relay)
			Serial3/0.1 Used as a permanent virtual circuit (PVC) with the Remote1 router, data link connection identifier (DLCI) 150.	10.10.10.11	255.255.255.0
			Serial3/0.2 Used as a PVC with the Remote2 router, DLCI 151.	10.10.11.11	255.255.255.0
Remote1	4500	12.1	Serial0 T1 line at 1544 Kbit/second (Frame Relay)	10.10.10.10	255.255.255.0
Remote2	4500	12.1	Serial0 T1 line at 1544 Kbit/second (Frame Relay)	10.10.11.10	255.255.255.0

Step 2 Enable FRTS on the Main router's Serial3/0 interface. You must enable FRTS on an interface in order to configure FRTS on the interface's subinterfaces:

a. Right-click Serial3/0 in the 10.10.10.11 folder and select Interface Properties.

QPM-PRO opens the Properties of Interface window.

b. Select FIFO as the QoS Property. You must select a QoS Property other than "Do Not Change" if you want to configure interface QoS capabilities such as FRTS.

c. Select Enable Frame Relay Traffic Shaping.

d. Enter 512 in the Rate field.

e. Select Adaptive Shaping. This allows the interface to respond to notifications of congestion from the Remote1 and Remote2 routers, and throttle traffic accordingly.

Figure 3-46 shows the completed interface properties.

f. Click OK when finished.

Figure 3-46: Lesson 7—Enabling FRTS on the Serial3/0 Interface

Step 3 Enable FRTS on the Main router's Serial3/0.1 interface:

a. Right-click Serial3/0.1 in the 10.10.10.11 folder and select Interface Properties.

b. Make the following selections:

FIFO for QoS Property
512 for Rate
Adaptive Shaping

Figure 3-47 shows the completed interface properties. Click OK when finished.

Figure 3-47: Lesson 7—Enabling FRTS on the Serial3/0.1 Sub-Interface

Step 4 Use the same procedure to enable FRTS on the Serial3/0.2 interface, making the following interface selections:

FIFO for QoS Property
256 for Rate
Adaptive Shaping

Step 5
Click the Save button, or select File>Save, to save your changes.

Step 6 Distribute your settings to the network, as described in Distributing Policies to the Network.

Table of Contents

Procedure

Tips

Understanding the Main Policy Manager Window

Procedure

Procedure

Tips

Procedure

Procedure

Tips

Understanding the Main Distribution Manager Window

Related Topics

Procedure

Before You Begin

Procedure

Campus Site

Remote Site (Finance and HR Users)

Remote Site (Sales Users)

Remote Site (Voice over IP)

Before You Begin

Procedure

Procedure

Procedure

Related Topics

Before You Begin

Procedure

Related Topics

Before You Begin

Procedure

Procedure

Procedure

Procedure

Related Topics

Before You Begin

Procedure

Procedure

Related Topics

Before You Begin

Procedure

Understanding the Example Network Scenario for VoIP

Before You Begin

Procedure

Procedure

Procedure

Procedure

Procedure

Related Topics

Before You Begin

Procedure

Related Topics