Cisco ASA用三种方法来实现QoS,分别为:流量管制(traffic policing),流量×××(traffic shaping),优先级队列(priority queueing)。三种方法的不同之处在于:当流量达到设置的阈值时,流量管制丢弃包,流量×××把包放进等待队列(7.2.4版本以上才支持)。而优先级队列不受前两者影响,其优先级高于前两两者。在相同状况下,使用优先级队列的流量最先通过。在实际工作中,这三种方法是混合使用的。
  结合下图,由下而上,我简单描述一下设置QoS的步骤:
      1) 设置class map,匹配想要控制的流量,可以用ACL,dscp,tunnel-group…
      2) 设置policy map,并应用priroty或(和)Police在相应的class map上。
      3) 设置service policy,并匹配需要的policy map 。
      4) 把service policy应用在接口上。
Cisco ASA上QoS的配置_Cisco
 
 
例子:

Traffic Policing with Prioritization

Lets assume that we have an ASA that is running voice over a ××× tunnel. And that we want to prioritize the voice traffic through the ×××. Also we want to police the ××× traffic that is not voice and the rest of the TCP traffic.
Lets say that the available upload bandwidth for the outside interface is 1Mbps. We want to dedicate 300kbps for the ×××, 100kbps of which will be guaranteed for voice (thus 200kbps for non-voice ××× traffic), 500kbps for the tcp traffic and 200kbps for everything else. Also, assume that the voice traffic is flagged with dhcp field ef (as it is the default for most cases). The tunnel group name is tunnel-grp1.
ASA(config)# priority-queue outside
ASA(config)# access-list tcp-traffic-acl permit tcp any any
ASA(config)# class-map tcp-traffic-class
ASA(config-cmap)# match access-list tcp-traffic-acl
ASA(config)# class-map TG1-voice-class
ASA(config-cmap)# match tunnel-group tunnel-grp1
ASA(config-cmap)# match dscp ef
ASA(config-cmap)# class-map TG1-rest-class
ASA(config-cmap)# match tunnel-group tunnel-grp1
ASA(config-cmap)# match flow ip destination-address
ASA(config)# policy-map police-priority-policy
ASA(config-pmap)# class tcp-traffic-class
ASA(config-pmap-c)# police output 500000
ASA(config-pmap-c)# class TG1-voice-class
ASA(config-pmap-c)# priority
ASA(config-pmap-c)# class TG1-rest-class
ASA(config-pmap-c)# police output 200000
ASA(config-pmap-c)# class class-default
ASA(config-pmap-c)# police output 200000
ASA(config-pmap-c)# service-policy police-priority-policy interface outside

Traffic Shaping with Prioritization

Now, lets assume that we have the same ASA as in the previous case. And we now want to traffic shape all traffic and prioritize the voice through the ×××. In other words we will traffic shape all traffic for 900kbps, prioritize the voice and guarantee 100kbps for it. Again, we assume that the voice traffic is flagged with dhcp field ef and the tunnel group name is tunnel-grp1.
ASA(config)# priority-queue outside
ASA(config)# class-map TG1-voice-class
ASA(config-cmap)# match tunnel-group tunnel-grp1
ASA(config-cmap)# match dscp ef
ASA(config-cmap)# policy-map priority-policy
ASA(config-pmap)# class TG1-voice-class
ASA(config-pmap-c)# priority
ASA(config-pmap-c)# policy-map shape-priority-policy
ASA(config-pmap)# class class-default
ASA(config-pmap-c)# shape average 1000000
ASA(config-pmap-c)# service-policy priority-policy
ASA(config-pmap-c)# service-policy shape-priority-policy interface outside