Switchport QoS configuration for WLC
Hi guys,
I am having a question about switchport QoS configuration for WLC. In the "enterprise mobility deployment guide 4.1", it says we can use both either "mls qos trust cos" or "mls qos trust dscp", depending on the mapping, however looking through Jerome's video tutorial on QoS in youtube, he actually mentioned that we need to keep this value as "mls qos trust cos", and I have also read from somewhere else that since controllers are layer 2 device, we do need to use "mls qos trust cos" on the switchport directly connected to the WLC.
however I did see some configurations using "mls qos trust dscp" on the switchport, which is for 5508 WLC due to some hardware design in the 5508 WLC. so I just want to ask what is the differnece between these two commands when we use them for switchports connected to WLC, and does this command really specific for what controller platform we use or it only depends on code version?
thank you very much for your time and help.
Hi George,
Thanks for your reply, however I am still a bit confused on the difference between the two commands...
so in the deployment guide it does say we can do either one on the switchports connected to the WLC, so when should we use trust dscp instead of cos?
it sort of make sense when we talk about WLC is a layer 2 device hence we should use cos, but we also have packets marked with dscp values and I think the controller will keep the value without any modification, then that means we can also use trust dscp in order for this mapping to be done correctly, is this correct?
I did see some other people saying that when using turst dscp and did a packet capture, the values cannot be mapped correctly, but there are also cases that this works. expecially with 5508 series controllers, does it really have some hardware features that doing different things than the 4404s and the 2100 series?
but still, in what situation should we trust dscp on switchports connecting to WLC and when should we use trust cos as a best practice? or we should just forget about trust dscp for switchport connecting to WLC?
Thanks.
Similar Messages
-
QoS Configuration for NME-AIR-WLC
Hello,
I have a question on the correct QoS configuration for a VoIP deployment. I have followed the steps referenced here but have two questions..
1) The last recommendation in the list is to set DCA channel sensitivity to High to avoid changes during business hours. I think this should be Low? The manual states "Low—The DCA algorithm is not particularly sensitive to environmental changes."
2) The recommendation is to trust dscp on AP uplinks and to trust cos on the WLC uplink. However I can't find any configuration guidelines for configuring QoS if the WLC in question is an NME hosted in a 2921.
2a) The link between the switch and the 2921 is an 802.1q trunk so should I trust cos on this link rather than dscp?
2b) What configuration should be on the 2921? Create a policy-map and apply it to the uplink port?
2c) Should there be a service policy assigned to the In1/0 interface for the WLC itself?
Any thoughts appreciated.
Thanks,
DaveWell I appear to have answered question 2 after I stopped being lazy and did some packet captures.
No configuration required on 2921 as packets captured from In1/0 and Gi0/0 show correct DSCP markings on RTP and SCCP packets.
Would still be interested to know on question 1 though. -
What is the recommenden access port QoS configuration for 8900/9900 video enabled phones
Hi all,
we are currently starting to roll out some video enabled 9900 and 8900 phones in our network. In the past we did not use video and configured the access ports on our Catalyst 2960 switches with "auto qos voip ciscp-phone". This however creates a policy which does not include a class-map to correctly handle the AF41 video traffic coming from those phones. I have thougth about extending the autoqos policy with a AF41 class-map but am not sure if this is the right way to do it.
That's what I have in mind:
class-map match-all AUTOQOS_VIDEO_DATA_CLASS
match ip dscp af41
class-map match-all AUTOQOS_VOIP_DATA_CLASS
match ip dscp ef
class-map match-all AUTOQOS_DEFAULT_CLASS
match access-group name AUTOQOS-ACL-DEFAULT
class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS
match ip dscp cs3
policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY
class AUTOQOS_VOIP_DATA_CLASS
set dscp ef
police 128000 8000 exceed-action policed-dscp-transmit
class AUTOQOS_VIDEO_DATA_CLASS
set dscp af41
police 1500000 8000 exceed-action policed-dscp-transmit
class AUTOQOS_VOIP_SIGNAL_CLASS
set dscp cs3
police 32000 8000 exceed-action policed-dscp-transmit
class AUTOQOS_DEFAULT_CLASS
set dscp default
police 10000000 8000 exceed-action policed-dscp-transmit
How do you guys do it ? Is there some documentation for this ?
Thank you for your kind help
best regards
AndreasHi
You have to keep this table on your mind. Your configuration is fine if your configuration for SD video , but if for HD video , it is not ok you have to change video bandwidth at least 5M.
Traffic Type
Layer 2 CoS
Layer 3 IP Precedence
Layer 3 DSCP
Voice RTP1
5
5
EF
Voice control
3
3
AF31
Video conference
4
4
AF41
Streaming video (IP/TV)
1
1
AF13
Data
0-2
0-2
0-AF23
*Interactive Video "AF41"- Sensitive but can tolerate packet loss of about 1% and latency almost same as voice.
*Streaming Video "AF13" - Less sensitive - can tolerate about 4-5% packet loss and latency of about 4-5 seconds.
*HD video conference will require between 5M to 16M , but SD video conference will use 384K to 1 M
Note:-Video QOS , if you will assume that your video conference will use around 384K , you have to add 20% because video conference include voice so the total bandwidth 460K.
Kindly check the below link
http://www.sdcug.com/wp-content/uploads/2011/04/Campus-QoS-for-Voice-and-Video.pdf
Thanks
please rate all useful information -
SRW Series QoS configuration for VoIP
Hello Cisco experts,
I have SRW224G4 switch in an office connected to the internet through port1, Asterisk server through port 9, Internal computers through ports 16-24.
Currently, voice is cutting in the inbound direction when computer users are using Internet. I am trying to make some QoS configuration in which remote IAX2 phone, which uses UDP port 4569, will not be affected by Internet usage made by internal computers.
I have logged in to the switch management webpage, I found a section for (QoS), but I need some help in specifying which parameter should I configure.
Internet connection speed is 1mbps DL / 512kbps UL. I can configure Asterisk to mark packest with some TOS if required.One way to do it would be to configure Asterisk to assign a DSCP value of 46 to voice packets.
Then on the SRW224G4, use:
CoS Settings tab / QoS mode: Basic
Basic tab / Trust mode: DSCP
That would give priority to voice packets inside your network.
Possible problems:
your ISP will most likely clear DSCP markings on packets going out of the network
rare case: your ISP might charge you more for packets marked with DSCP 46 (not likely on an ADSL connection)
bottleneck will be the ADSL router, so if possible, you should implement QoS based on DSCP on that device
if some PC based software uses DSCP markings, it'll get priority also
Hope this helps!
Cheers,
Tamas -
QOS configuration for Wireless voice over IP
HI, I've been asked to install approx 5 wireless phones on a network that consists of the following:-
1 x 4006 core switch
8 x 3550 Access switches
6 x 1100 AP's (that are connected to the Access switches.
My question is this - does anyone have a basic QoS configuration that I can place onto the LAN infrastructure (Core/Access switches).
Kind Regards
SteveShould refer to http://www.cisco.com/en/US/products/hw/phones/ps379/products_implementation_design_guide_book09186a00802a029a.html. Also Cat 4K should have Sup2+ or higher to support voice.
-
Best QOS Practice for a congested Uplink Port?
I have an MPLS uplink port to a carrier that carries both voice and data.
For example, Customer 3750 Switch 100MB Uplink--->100MB Uplink Carrier Router---Carrier Router 6MB MLPP Voice/Data MPLS Uplink with QOS configured for Voice subnet on carrier side too.
The port occasionally suffers from overutilizition and spikes to the full 6MB
I have a centralized CUCM that has phones that occasionally reset due to TCP 2000 timeouts (usually during the period of high utilization)
So that I can avoid most phone resets during high utilization I have prioritized all voice traffic (signalling and RTP streams) to EF
My question: What is best practice configuration for a congested uplink port? I'm going to assume the answer is it depends (the all great technical answer )
Here are my thoughts on how to configure the 3750 uplink port so far:
apply mls qos trust dscp
apply priority-queue out
(Here's where I'm looking for help)
apply some sort of policing or bandwidth statement on the interface to protect the voice traffic: What are the recommendations and what would those configurations look like?
I would apply these these configurations to the uplink ports at the edge site as well as the central site.
Any thoughts as to the best way to accomplish this?Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
You want to prioritize VoIP traffic at congestion points, which for you, looks to be whenever your LAN bandwidth hits your 6 Mbps WAN.
If the carrier takes your 100 Mbps, and doesn't just generally police all traffic to 6 Mbps, but instead has different priority queues for the 6 Mbps, all you should need to do, is insure you traffic is correctly processed by your WAN vendor. This, though, might require marking your traffic for the WAN provider.
If you carrier first polices all your traffic at 6 Mbps (many do), then you need to shape the traffic (with you own prioritization) before the provider "sees" it. If you need to "shape" on the 3750, there's a command to limit a port's bandwidth utilization, as a percentage. However it's not exact, so you may need to "shape" slower than 6 Mbps to insure 6 Mbps won't be exceeded. (BTW, for 6 Mbps, if you need to do QoS, you would be better off with an ISR.)
You also mention 6 MLPPP, but it's unlclear what your device is for that.
How to configure 3750 QoS is involved. Basically when you enable QoS, each port has four dedicated egress queues. By default, different traffic markings go into one of the four queues, each queue has same share of the bandwidth, and almost same share of the buffers. The PQ command you noted, enables the first queue to always transmit its packets first. Normally, you'll want to do that for VoIP bearer packets, which you've (insured are) directed to that queue. You also want to insure that VoIP signally packets are not likley to be dropped and, more or less, are forwarded quickly.
Cisco has multiple papers on QoS configurations, including papers for 3750s, so instead of my trying to present that, the above is intended as an overview. Feel free to post additional questions, the more specific, the more likely you'll get an answer. -
hi all,
Can any one tell me if there is document available for SNMP configuration for WLC 4404?http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_controller_setting.html#wpmkr1372608
Configuring the device via snmp is very difficult and there really isn't a document covering that. WCS uses snmp to configure the controllers. -
is there sample/templete for Qos configuration for remote access VPN?
for example:
user from Internet access VPN gateway, once got authenticated, it will get the IP address from DHCP server and access internal resource. how can i configure the Qos to assign minimum bandwidth for this traffic on Internet facing router?Unclear what you mean by "assign minimum bandwidth". Do you want to cap the traffic, gurantee a minimum, or both? Direction of control, in or out or both?
Is there only one user and only one VPN flow, or several? Is the VPN gateway also the same router as the Internet facing router, or are they different? -
Hi Experts,
Before proceeding for adding AP model 1131 and 1252 into my set-up , I need to know whether any limitation of firmware or hardware for QoS configuration in wireless set-up .
I have 4400 controller and 1130 & 1250 AP models.Hi Vinod,
Since you have 4400 controllers, you can run upto WLC 7.0.x code. Refer this for more detail
http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
there is no specific limitation to 1131/1252 AP model as such, everything is WLC software dependent.
From later software 7.4.x,7.6.x,8.x, lots of improvement for QoS configuration & bandwidth control, but since your controller is old hardware, you cannot have those latest features.
here is a reference post on how QoS works in wireless environment
http://mrncciew.com/2012/11/28/understanding-wireless-qos-part-1/
HTH
Rasika
*** Pls rate all useful responses **** -
Cisco WLC : AP automatic configuration for flexconnect parameters and ap group
Hello !
Is there a way to configure cisco WLC to automatically set flexconnect parameters such as Vlan support and Native Vlan ID when an access point join the controller ?
Same question to assign the access point to a specific AP Group ?
PS: The access points are set with usine parameters and the WLC is in version 7.4
Thank you for your answers !
StephaneTo my knowledge these features are not available in 7.4, but from what I understand 8.0 will have similar features. I can say that 7.6 has global commands, not sure if its part of 7.4.
If it is you can navigate there Wireless>Access Points>Global Configuration you can do things like configure your primary and backup controllers, set login credentials, pre-download images to AP's.
Please rate if you find the information helpful.
HTH -
Help in QoS configuration on 3750E/2960X
Hello everybody,
I would like to configure QoS in VoIP for terminal Aastra in switches Cisco (with L3). As I am not very confident in this issue, I have thought to give a priority for VoIP considering output traffic from IP telephone. The IP telephones have an IP in range 10.5.160.0/22, so could it be this criteria valid for assigning QoS to the VoIP packets? The criteria would be:
ip access-list extended tel_VOIP
permit tcp 10.5.160.0 0.0.0.252 any
permit udp 10.5.160.0 0.0.0.252 any
Class-map match-all VOIP
Match access-group name tel_VOIP
Policy-map VOIP
Class VOIP
Set ip dscp 32
And then for the access voip ports, I would put this:
Interface giga0/x
switchport mode access
service-policy input VIDEO
service-policy output VOIP
switchport voice vlan 6
switchport access vlan n
mls qos trust dscp
power inline consumption 5000
Also I have another policy-map configured for input traffic for video which gives it pri 32.
I would like to know if traffic with maximum priority goes by queue out nº 1 by default. And if so, if this would be enough to guarantee video and voip traffic would go by this queue, which has by default 4 Mb shaped. Our video only takes 256Kb.
Another thing is if more than 4 Mb were needed in queue out, a way to assure video and voip traffic would be to configure this queue as priority queue-out, wouldn’t it be?
Please, I do not know how to configure queues and I only want to know if this would categorize voip and video traffic with a dscp of 32.
Thank you very much.
I am a bit lost about this item. And that is why I would prefer not configuring different weights for the out queues if not necessary. Please, make me any comment. I could send you my configuration.hello Yahsiel,
Well, I must have mismatched signaling value with voice traffic value. What I would like to do is marking voip traffic and then reserving a bandwith for it.
I have investigated and voip traffic comes marked with CoS 5, so I suppose I do not have to create an access-list, I could create a class-map for voip:
class-map VOIP
match ip precedence 5
and then reserve BW for it:
policy-map VOIP-VIDEO
Class VOIP
priority 1000
and then I could also set this policy in all the access ports with:
service-policy input VOIP-VIDEO
I suppose I could include in this same policy-map the marking of VIDEO traffic which is:
class VIDEO
set ip dscp 32
Also as you say I will have to put in the access ports the "mls qos trust cos" and in the trunk "mls qos trust dscp".
Do you think now this would guarantee 1 Mb for voip in the out queue? Out queue 1 has a total of 4 Mb maximum shaped so I think this would run....
What about "auto qos voip trust" in the interface level for all the ports? Some people tell me this run ok, but I do not know if I must configure it or not. If I configured auto qos, I think I wouldn't have to policy voip traffic.
Thank you for your soon reply. Really!!! -
Hi,
I have a WLC (4404), and it is configured for authentication in ACS.
When I conect in WLC whit browser (HTTPS), I put my username and password from ACS, and it works.
However, if I put the local username in WLC it works.
I would like to disable the username local when ACS works, as I do that?
But when ACS go down a need of the local username...You will not be able to do this like how you can with a router or switch. Locally is checked first prior to tacacs and can't be changed. Maybe speak with you local Cisco wireless SE to see if he can put that as a feature enhancement.
-
I want to change IP address for WLC in production, should I convert Access Point from LWAP to IOS then convert again to LWAP ?
Regards,Hi Friend,
The best way is configure your controlelr as primary controller for all APs. You can do so going to wireless tab and then click on each AP detail and configure this controller as primary controller.
Also if you have WCS you can do the same in one go for all APs and after that even if controller ip address is changed they will stay join to this controller.
HTH
Ankur
*Pls rate all helpfull post -
Generate Certificates for WLC and clients
Hi Guys
I've been working acording the following document to integrate my WLC 5508 with LDAP for internal users:
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html
However when I try to generate the device certificate on Windows Server 2012, I see the steps are different, for example when I reach the step 4 (of Generate a Device Certificate for the WLC section), the CA ask me for a Certificate Signing Request instead of Create and submit request to this CA option, as appears in the document.
How do I get this?
Thanks in advance for your support!
MarceloHi,
If you are trying to get a device certificate for WLC, then you may need to use 3rd party software like openSSL for this.
Below post may help you to see how you can do this
http://mrncciew.com/2013/04/22/configuring-eap-tls-on-wlc/
HTH
Rasika
*** Pls rate all useful responses **** -
TACACS+ configuration for Cisco ASA
I tired configuring TACACS+ configuration for ASA but unable to complete it. I have ACS 3.3 for all other Cisco Routers and Switches
Leo,
I was looking around and come across this post. It's very late, however, wanted to add my inputs for other community members.
RSA Token/One-Time-Password support available with ASDM only in SINGLE ROUTED MODE. If you are in Single Routed Mode, you can do OTP with ASDM if you are running ASA 8.2+ with ASDM 6.2+.
If the firewall is running in multi-context and transparent mode. It won't work. Below is the enhancement request that was filed for the same feature to be supported.
CSCtf23419 ASDM OTP authentication support in multi-context and transparent modes
With WLC is yet not possible and there is a enhancement request filed.
CSCuf61598 WLC: Need ability to support multiple sessions via OTP authentication
~BR
Jatin Katyal
**Do rate helpful posts**
Maybe you are looking for
-
The browser acts as though it is connecting to the page, yet without giving any sort of error, it shows up as blank. Just pure blank with the address on the URL bar, and (I forget the name sorry) the little page icon that often appears next to the ad
-
Can you get to "my videos" in the youtube section of Apple TV?
Hello all, I have a question about the YouTube section of Apple TV. I currently store all of my home videos on youtube. I upload them as "private" and organize them in playlists, just as if each playlist was a DVD that I would burn. (As an example
-
Webcam not detected in Compact Presario C769CA Notebook - Windows Vista 32-bit
The webcam is not detected in my notebook, it is NOT shown in the Device Manager or in the Imaging devices: I have done a scan for driver updates and the result said that all drivers are up to date, but the webcam is still not detected. Where can
-
Getting movies from ipad to microsoft computer after backing up..
I have just backed up my ipad to my home (microsoft) computer and I cannot view any of my videos or pictures. I am trying to copy a imove which has been saved into my camera roll and videos to itunes so that I can copy my movie and save it to usb on
-
My I messages won't send. Any ideas ?
All of a sudden my I messages will not go through. It says it was sent, and within a second it says it was not sent. When I retry, it still won't send. These messages are to a person that I text all the time, so I know it did work. Any ideas?