Use Case: QoS for a Single User

A CEO finds that during periods of high network usage, she is unable to access enterprise applications to respond effectively to critical business communications. The IT admin wants to ensure that all traffic to and from the CEO receives preferential treatment over other employee traffic so that she is guaranteed not only access to, but high performance of, critical network resources.
  1. The admin creates the QoS profile
    CEO_traffic
    to define how traffic originating from the CEO will be treated and shaped as it flows out of the company network:
    QoS-SingleUser-Profile-Class1.png
    The admin assigns a guaranteed bandwidth (
    Egress Guaranteed
    ) of 50 Mbps to ensure that the CEO will have that amount that bandwidth guaranteed to her at all times (more than she would need to use), regardless of network congestion.
    The admin continues by designating Class 1 traffic as high priority and sets the profile’s maximum bandwidth usage (
    Egress Max
    ) to 1000 Mbps, the same maximum bandwidth for the interface that the admin will enable QoS on. The admin is choosing to not restrict the CEO’s bandwidth usage in any way.
    It is a best practice to populate the
    Egress Max
    field for a QoS profile, even if the max bandwidth of the profile matches the max bandwidth of the interface. The QoS profile’s max bandwidth should never exceed the max bandwidth of the interface you are planning to enable QoS on.
  2. The admin creates a QoS policy to identify the CEO’s traffic (
    Policies
    QoS
    ) and assigns it the class that he defined in the QoS profile (see prior step). Because User-ID is configured, the admin uses the
    Source
    tab in the QoS policy to singularly identify the CEO’s traffic by her company network username. (If User-ID is not configured, the administrator could
    Add
    the CEO’s IP address under
    Source Address
    . See User-ID.):
    QoS-SingleUser-Policy-SourceUser.png
    The admin associates the CEO’s traffic with Class 1 (
    Other Settings
    tab) and then continues to populate the remaining required policy fields; the admin gives the policy a descriptive
    Name
    (
    General
    tab) and selects
    Any
    for the
    Source Zone
    (
    Source
    tab) and
    Destination Zone
    (
    Destination
    tab):
    QoS-SingleUser-policy-all.png
  3. Now that Class 1 is associated with the CEO’s traffic, the admin enables QoS by checking
    Turn on QoS feature on interface
    and selecting the traffic flow’s egress interface. The egress interface for the CEO’s traffic flow is the external-facing interface, in this case, ethernet 1/2:
    QoS-SingleUser-Interface-internal.png
    Because the admin wants to ensure that all traffic originating from the CEO is guaranteed by the QoS profile and associated QoS policy he created, he selects the
    CEO_traffic
    to apply to
    Clear Text
    traffic flowing from ethernet 1/2.
  4. After committing the QoS configuration, the admin navigates to the
    Network
    QoS
    page to confirm that the QoS profile CEO_traffic is enabled on the external-facing interface, ethernet 1/2:
    QoS-SingleUser-Network.png
  5. He clicks
    Statistics
    to view how traffic originating with the CEO (Class 1) is being shaped as it flows from ethernet 1/2:
    QoS-SingleUser-statistics.png
    This case demonstrates how to apply QoS to traffic originating from a single source user. However, if you also wanted to guarantee or shape traffic to a destination user, you could configure a similar QoS setup. Instead of, or in addition to this work flow, create a QoS policy that specifies the user’s IP address as the
    Destination Address
    on the
    Policies
    QoS
    page (instead of specifying the user’s source information) and then enable QoS on the network’s internal-facing interface on the
    Network
    QoS
    page (instead of the external-facing interface).

Recommended For You