Cisco IOS QoS prioritize SSH but not SCP

ssh ios scp cisco qos

You can use packet lengths to distinguish one from the other, but there's a risk that these will be chopped and mixed by the SSH transport.

class-map match-all ssh-interactive
 match access-group name ssh
 match packet length max 600
class-map match-all ssh-files
 match access-group name ssh
 match packet length min 600 
ip access-list extended ssh
 permit tcp any any eq 22
 permit tcp any eq 22 any

The cut-off point is arbitrarily picked out of this air, you'd have to tune and see what works for you.


Most (all? OpenSSH at least) SSH implementations set different IP TOS flags depending on if the session is interactive or bulk data. It sets the lowdelay TOS flag for interactive sessions.

You can then match on the TOS flags in your ACL.

Related

Why does the Task Manager does not show any activity from Hyper-V?
Chef bootstrap giving 401 unauthorized
How can I make nginx always return a HTTP 503?
Interpreting cryptic kernel "page allocation failure" messages
running automated fsck on remote server
Purchasing hard drives with non-sequential serial numbers
How do "correctly" sync millions of files with rsync and inotify?
How to solo Pyrocaustic Pete the Invincible?
Is there a way to move YouTube app from TV and Video on PS4?
Give player item(s) when player hits X amount of deaths
How can the game be loaded on a different monitor?
Do I need to have downloaded the Cerberus Armor in Mass Effect 2 in order to buy it in Mass Effect 3?