Create a QoS Policy and Rule

QoS policies deployed to managed devices govern rate limiting. You can create a QoS policy by selecting a realm to limit the VPN bandwidth a user or user group can consume. Each QoS policy can target multiple devices; each device can have one deployed QoS policy at a time.

Procedure

Step 1

On your Cisco Defense Orchestrator web interface, choose Devices > QoS > New Policy.

Step 2

Enter a Name and, optionally, a Description.

Step 3

Choose the Available Devices where you want to deploy the QoS policy, then click Add to Policy, or drag and drop to the Selected Devices.

Note

Select the same device where you want to deploy the remote access VPN policy. You must assign devices before you deploy the policy.

Step 4

On QoS policy Rules, click Add Rule.

Step 5

Enter a Name.

Step 6

Configure rule components:

  • Enabled—Specify whether the rule is Enabled.

  • Apply QoS On—Choose the interfaces you want to rate limit, either Interfaces in Destination Interface Objects or Interfaces in Source Interface Objects. Your choice must correspond with a populated interface constraint (not any).

  • Traffic Limit Per Interface—Enter a Download Limit and an Upload Limit in Mbits/sec. The default value of Unlimited prevents matching traffic from being rate limited in that direction.

  • Users—Click the Users tab, and select the newly-created realm and users to limit the VPN traffic. Click other tabs corresponding to the conditions you want to add. You must configure a source or destination interface condition, corresponding to your choice for Apply QoS On.

  • Comments—Click the Comments tab, add a comment, and click OK.

Step 7

Save the rule.

In the policy editor, set the rule position. Click and drag or use the right-click menu to cut and paste. Rules are numbered starting at 1. The system matches traffic to rules in top-down order by ascending rule number. The first rule that traffic matches is the rule that handles that traffic. Proper rule order reduces the resources required to process network traffic and prevents rule preemption.

Step 8

Click Save to save the policy.