Ssh – Cisco IOS QoS prioritize SSH but not SCP

cisco ios qos scp ssh

How can I prioritize ssh traffic to ensure low-latency but throttle SCP file transfers? I'm looking for a solution that is not host specific so I don't have to add lists of IP addresses. Thanks!

Best Answer

You can use packet lengths to distinguish one from the other, but there's a risk that these will be chopped and mixed by the SSH transport.

class-map match-all ssh-interactive
 match access-group name ssh
 match packet length max 600
class-map match-all ssh-files
 match access-group name ssh
 match packet length min 600
ip access-list extended ssh
 permit tcp any any eq 22
 permit tcp any eq 22 any

The cut-off point is arbitrarily picked out of thin air; you'd have to tune and see what works for you.
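The class-maps above only classify traffic; a policy-map attached to an interface is what actually prioritizes or throttles it. The following is an added example, not part of the original answer: the policy name `ssh-qos`, the 10 percent priority share, the 512000 bps shaping rate and the interface `GigabitEthernet0/1` are all assumed placeholder values to adapt.

```cisco
! Added example (not from the original answer). Policy name, rates and
! interface below are assumptions; adjust them to the link in question.
!
! Classes are evaluated top to bottom and the first match wins, so a packet
! of exactly 600 bytes (which matches both class-maps) lands in
! ssh-interactive because it is listed first.
policy-map ssh-qos
 ! Small SSH packets: low-latency queue, capped at 10% of link bandwidth
 class ssh-interactive
  priority percent 10
 ! Large SSH packets (SCP/SFTP bulk data): shaped to 512 kbit/s
 class ssh-files
  shape average 512000
 ! Everything else: default treatment with fair queueing
 class class-default
  fair-queue
!
! Queueing actions (priority, shape) apply in the output direction
interface GigabitEthernet0/1
 service-policy output ssh-qos
```

After applying it, `show policy-map interface GigabitEthernet0/1` lists per-class packet counters, which shows how traffic is split at the 600-byte cut-off while you tune it.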