- After reviewing your configuration, I do not believe you will see matches because the traffic will have been NATted before the QoS map is implemented as traffic leaves the WAN interface. Based on your configuration, your ACL is matching traffic being sourced from the 172.16.116.x network.However, by the time the QoS map checks the traffic, the traffic will have already been source NATted to the IP address of eth 0/2. That traffic will look like its being sourced from eth 0/2's IP address instead of the 172.16.116.x network, therefore the ACL will have no matches.
The way to get around this is to create an inbound QoS map on the LAN interface (eth 0/1) that matches traffic sourced from the 172.16.116.x network, and to then tag that traffic with an IP precedence or DSCP value. You could tag the traffic with the same DSCP value that you are already matching on in the QoS map VOICE-DSCP. However, if you would like for it to have a different priority, you could tag the traffic with another DSCP value or IP precedence value and then add another entry to the VOICE-DSCP map that matches based on that.
An example of the QoS setup I am referring to can be found in the guide below:
Configuring QoS in AOS
Specifically, you will want to reference the multi-tenant example (example #4) on page 45. However, instead of using the "shape average" command that is used in the example, you could use the "priority" command as you did with the first VOICE-DSCP qos map entry.
Please do not hesitate to let us know if you have any questions.
Thanks,
Noor
