KB ID 0001359
Problem
I have a client who had two sites, one of which didn’t have a particularly good internet connection (which is the actual problem that needed to be solved). But in the interim, he wanted me to prioritise RDP traffic, as his staff were constantly complaining about the speed of their connections.
Note: There may be a myriad of reasons why user experience is bad for an RDP session; this was quite simply a bandwidth issue.
The client requested I prioritise RDP traffic on the link. We were not really sure if that would cure the problem, but they have not complained since!
Solution
On the main site (with the RDP server(s) on), create an ‘access-list’ to match our interesting traffic. (I’m just using ‘any’ as the source.) This ACL is only referenced by the class-map to classify traffic for QoS; it is not applied to an interface as a filter.
Main-Site# configure terminal
Main-Site(config)# access-list ACL-RDP-Traffic extended permit tcp any eq 3389 172.16.0.0 255.255.0.0
Create a ‘priority-queue’ on the outside interface.
Main-Site(config)# priority-queue outside
Main-Site(config-priority-queue)# exit
Create a ‘class-map’ that matches our ‘access-list’.
Main-Site(config)# class-map CM-RDP-Traffic
Main-Site(config-cmap)# match access-list ACL-RDP-Traffic
Main-Site(config-cmap)# exit
Create a ‘policy-map’ that uses the ‘class-map’ and assigns it priority.
Main-Site(config)# policy-map PM-RDP-Traffic
Main-Site(config-pmap)# class CM-RDP-Traffic
Main-Site(config-pmap-c)# priority
Main-Site(config-pmap-c)# exit
Main-Site(config-pmap)# exit
Apply the ‘service-policy’ to the ‘outside’ interface.
Main-Site(config)# service-policy PM-RDP-Traffic interface outside
Main-Site(config)# end
You can ensure it has worked with the following command:
Main-Site# show service-policy interface outside priority
Interface outside:
Service-policy: PM-RDP-Traffic
Class-map: CM-RDP-Traffic
Priority:
Interface outside: aggregate drop 0, aggregate transmit 0
Main-Site#
Then, do the mirror image on the remote site, (where the clients are). Note: I’ve made this access list a little more specific.
Remote-Site# configure terminal
Remote-Site(config)# access-list ACL-RDP-Traffic permit tcp 172.16.0.0 255.255.0.0 192.168.1.0 255.255.255.0 eq 3389
Remote-Site(config)# priority-queue outside
Remote-Site(config-priority-queue)# exit
Remote-Site(config)# class-map CM-RDP-Traffic
Remote-Site(config-cmap)# match access-list ACL-RDP-Traffic
Remote-Site(config-cmap)# exit
Remote-Site(config)# policy-map PM-RDP-Traffic
Remote-Site(config-pmap)# class CM-RDP-Traffic
Remote-Site(config-pmap-c)# priority
Remote-Site(config-pmap-c)# exit
Remote-Site(config-pmap)# exit
Remote-Site(config)# service-policy PM-RDP-Traffic interface outside
Remote-Site(config)# end
Don’t forget to save the changes with a ‘write memory’ command when you’re happy.
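To tell whether the policy is actually matching RDP traffic, compare two runs of ‘show service-policy interface outside priority’ taken while a session is active. The script below is an added example, not part of the original article; its function names and the counter values in the second snapshot are constructed for illustration.

```python
import re

# Counter line as it appears in the command output shown in the article.
COUNTERS = re.compile(r"aggregate drop (\d+), aggregate transmit (\d+)")

def parse_priority(output):
    """Return {(policy, class_map): (drop, transmit)} from the command output."""
    stats, policy, cmap = {}, None, None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Service-policy:"):
            policy = line.split(":", 1)[1].strip()
        elif line.startswith("Class-map:"):
            cmap = line.split(":", 1)[1].strip()
        else:
            m = COUNTERS.search(line)
            if m and policy and cmap:
                stats[(policy, cmap)] = (int(m.group(1)), int(m.group(2)))
    return stats

def check_priority(before, after):
    """Compare two snapshots; return {(policy, class_map): verdict}."""
    old, new = parse_priority(before), parse_priority(after)
    verdicts = {}
    for key, (drop, tx) in new.items():
        old_drop, old_tx = old.get(key, (0, 0))
        if tx <= old_tx:
            verdicts[key] = "no-match"   # nothing hit the class: recheck the ACL
        elif drop > old_drop:
            verdicts[key] = "dropping"   # priority packets are being dropped
        else:
            verdicts[key] = "ok"         # traffic is matched and transmitted
    return verdicts

# First snapshot: the output shown in the article (no traffic matched yet).
BEFORE = """Interface outside:
Service-policy: PM-RDP-Traffic
Class-map: CM-RDP-Traffic
Priority:
Interface outside: aggregate drop 0, aggregate transmit 0
"""
# Second snapshot: constructed value, as if taken during an RDP session.
AFTER = BEFORE.replace("aggregate transmit 0", "aggregate transmit 4821")

if __name__ == "__main__":
    for (policy, cmap), verdict in check_priority(BEFORE, AFTER).items():
        print(f"{policy}/{cmap}: {verdict}")
```

A ‘no-match’ verdict on either firewall usually means the access-list does not describe the traffic in the direction it leaves that interface.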
28/09/2018
Really helpful. Thank you for creating this!
25/02/2021
Hi, first of all, excellent reading, I have implemented a few of your ASA articles.
Now I’m trying to prioritize DHCP on my local network (clients receive an IP address from a Windows Server 2016), this is what I have done, how to be sure it’s working?
Everyone is connected internally on the inside interface.
access-list 195 extended permit udp any eq 67 any
priority-queue inside
exit
class-map QoSPriority_classmap
match access-list 195
exit
policy-map QoS_policy
class QoSPriority_classmap
priority
exit
exit
service-policy QoS_policy interface inside
25/02/2021
Why would you want to prioritise DHCP traffic? Just set up a DHCP helper?