Switchport QoS configuration for WLC

Hi guys,
I am having a question about switchport QoS configuration for WLC. In the "enterprise mobility deployment guide 4.1", it says we can use both either "mls qos trust cos" or "mls qos trust dscp", depending on the mapping, however looking through Jerome's video tutorial on QoS in youtube, he actually mentioned that we need to keep this value as "mls qos trust cos", and I have also read from somewhere else that since controllers are layer 2 device, we do need to use "mls qos trust cos" on the switchport directly connected to the WLC.
however I did see some configurations using "mls qos trust dscp" on the switchport, which is for 5508 WLC due to some hardware design in the 5508 WLC. so I just want to ask what is the differnece between these two commands when we use them for switchports connected to WLC, and does this command really specific for what controller platform we use or it only depends on code version?
thank you very much for your time and help.

Hi George,
Thanks for your reply, however I am still a bit confused on the difference between the two commands...
so in the deployment guide it does say we can do either one on the switchports connected to the WLC, so when should we use trust dscp instead of cos?
it sort of make sense when we talk about WLC is a layer 2 device hence we should use cos, but we also have packets marked with dscp values and I think the controller will keep the value without any modification, then that means we can also use trust dscp in order for this mapping to be done correctly, is this correct?
I did see some other people saying that when using turst dscp and did a packet capture, the values cannot be mapped correctly, but there are also cases that this works. expecially with 5508 series controllers, does it really have some hardware features that doing different things than the 4404s and the 2100 series?
but still, in what situation should we trust dscp on switchports connecting to WLC and when should we use trust cos as a best practice? or we should just forget about trust dscp for switchport connecting to WLC?
Thanks.

Similar Messages

  • QoS Configuration for NME-AIR-WLC

    Hello,
    I have a question on the correct QoS configuration for a VoIP deployment. I have followed the steps referenced here but have two questions..
    1) The last recommendation in the list is to set DCA channel sensitivity to High to avoid changes during business hours. I think this should be Low? The manual states "Low—The DCA algorithm is not particularly sensitive to environmental changes."
    2) The recommendation is to trust dscp on AP uplinks and to trust cos on the WLC uplink. However I can't find any configuration guidelines for configuring QoS if the WLC in question is an NME hosted in a 2921.
    2a) The link between the switch and the 2921 is an 802.1q trunk so should I trust cos on this link rather than dscp?
    2b) What configuration should be on the 2921? Create a policy-map and apply it to the uplink port?
    2c) Should there be a service policy assigned to the In1/0 interface for the WLC itself?
    Any thoughts appreciated.
    Thanks,
    Dave

    Well I appear to have answered question 2 after I stopped being lazy and did some packet captures.
    No configuration required on 2921 as packets captured from In1/0 and Gi0/0 show correct DSCP markings on RTP and SCCP packets.
    Would still be interested to know on question 1 though.

  • What is the recommenden access port QoS configuration for 8900/9900 video enabled phones

    Hi all,
    we are currently starting to roll out some video enabled 9900 and 8900 phones in our network. In the past we did not use video and configured the access ports on our Catalyst 2960 switches with "auto qos voip ciscp-phone". This however creates a policy which does not include a class-map to correctly handle the AF41 video traffic coming from those phones. I have thougth about extending the autoqos policy with a AF41 class-map but am not sure if this is the right way to do it. 
    That's what I have in mind:
    class-map match-all AUTOQOS_VIDEO_DATA_CLASS
      match ip dscp af41
    class-map match-all AUTOQOS_VOIP_DATA_CLASS
      match ip dscp ef
    class-map match-all AUTOQOS_DEFAULT_CLASS
      match access-group name AUTOQOS-ACL-DEFAULT
    class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS
      match ip dscp cs3
    policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY
     class AUTOQOS_VOIP_DATA_CLASS
       set dscp ef
      police 128000 8000 exceed-action policed-dscp-transmit
     class AUTOQOS_VIDEO_DATA_CLASS
       set dscp af41
      police 1500000 8000 exceed-action policed-dscp-transmit
     class AUTOQOS_VOIP_SIGNAL_CLASS
       set dscp cs3
      police 32000 8000 exceed-action policed-dscp-transmit
     class AUTOQOS_DEFAULT_CLASS
       set dscp default
      police 10000000 8000 exceed-action policed-dscp-transmit
    How do you guys do it ? Is there some documentation for this ? 
    Thank you for your kind help
    best regards
    Andreas

    Hi
    You have to keep this table on your mind. Your configuration is fine if your configuration for SD video , but if for HD video , it is not ok you have to change video bandwidth at least 5M.
    Traffic Type
    Layer 2 CoS
    Layer 3 IP Precedence
    Layer 3 DSCP
    Voice RTP1
    5
    5
    EF
    Voice control
    3
    3
    AF31
    Video conference
    4
    4
    AF41
    Streaming video (IP/TV)
    1
    1
    AF13
    Data
    0-2
    0-2
    0-AF23
    *Interactive Video "AF41"- Sensitive but can tolerate packet loss of about 1% and latency almost same as voice.
    *Streaming Video "AF13" - Less sensitive - can tolerate about 4-5% packet loss and latency of about 4-5 seconds.
    *HD video conference will require between 5M to 16M , but SD video conference will use 384K to 1 M
    Note:-Video QOS , if you will assume that your video conference will use around 384K , you have to add 20% because video conference include voice so the total bandwidth 460K.
    Kindly check the below link
    http://www.sdcug.com/wp-content/uploads/2011/04/Campus-QoS-for-Voice-and-Video.pdf
    Thanks
    please rate all useful information

  • SRW Series QoS configuration for VoIP

    Hello Cisco experts,
    I have SRW224G4 switch in an office connected to the internet through port1, Asterisk server through port 9, Internal computers through ports 16-24.
    Currently, voice is cutting in the inbound direction when computer users are using Internet. I am trying to make some QoS configuration in which remote IAX2 phone, which uses UDP port 4569, will not be affected by Internet usage made by internal computers.
    I have logged in to the switch management webpage, I found a section for (QoS), but I need some help in specifying which parameter should I configure.
    Internet connection speed is 1mbps DL / 512kbps UL. I can configure Asterisk to mark packest with some TOS if required.

    One way to do it would be to configure Asterisk to assign a DSCP value of 46 to voice packets.
    Then on the SRW224G4, use:
    CoS Settings tab / QoS mode: Basic
    Basic tab / Trust mode: DSCP
    That would give priority to voice packets inside your network.
    Possible problems:
    your ISP will most likely clear DSCP markings on packets going out of the network
    rare case: your ISP might charge you more for packets marked with DSCP 46 (not likely on an ADSL connection)
    bottleneck will be the ADSL router, so if possible, you should implement QoS based on DSCP on that device
    if some PC based software uses DSCP markings, it'll get priority also
    Hope this helps!
    Cheers,
    Tamas

  • QOS configuration for Wireless voice over IP

    HI, I've been asked to install approx 5 wireless phones on a network that consists of the following:-
    1 x 4006 core switch
    8 x 3550 Access switches
    6 x 1100 AP's (that are connected to the Access switches.
    My question is this - does anyone have a basic QoS configuration that I can place onto the LAN infrastructure (Core/Access switches).
    Kind Regards
    Steve

    Should refer to http://www.cisco.com/en/US/products/hw/phones/ps379/products_implementation_design_guide_book09186a00802a029a.html. Also Cat 4K should have Sup2+ or higher to support voice.

  • Best QOS Practice for a congested Uplink Port?

    I have an MPLS uplink port to a carrier that carries both voice and data.
    For example, Customer 3750 Switch 100MB Uplink--->100MB Uplink Carrier Router---Carrier Router 6MB MLPP Voice/Data MPLS Uplink with QOS configured for Voice subnet on carrier side too.
    The port occasionally suffers from overutilizition and spikes to the full 6MB
    I have a centralized CUCM that has phones that occasionally reset due to TCP 2000 timeouts (usually during the period of high utilization)
    So that I can avoid most phone resets during high utilization I have prioritized all voice traffic (signalling and RTP streams) to EF
    My question: What is best practice configuration for a congested uplink port? I'm going to assume the answer is it depends (the all great technical answer )
    Here are my thoughts on how to configure the 3750 uplink port so far:
    apply mls qos trust dscp
    apply priority-queue out
    (Here's where I'm looking for help)
    apply some sort of policing or bandwidth statement on the interface to protect the voice traffic: What are the recommendations and what would those configurations look like?
    I would apply these these configurations to the uplink ports at the edge site as well as the central site.
    Any thoughts as to the best way to accomplish this?

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    You want to prioritize VoIP traffic at congestion points, which for you, looks to be whenever your LAN bandwidth hits your 6 Mbps WAN.
    If the carrier takes your 100 Mbps, and doesn't just generally police all traffic to 6 Mbps, but instead has different priority queues for the 6 Mbps, all you should need to do, is insure you traffic is correctly processed by your WAN vendor.  This, though, might require marking your traffic for the WAN provider.
    If you carrier first polices all your traffic at 6 Mbps (many do), then you need to shape the traffic (with you own prioritization) before the provider "sees" it.  If you need to "shape" on the 3750, there's a command to limit a port's bandwidth utilization, as a percentage.  However it's not exact, so you may need to "shape" slower than 6 Mbps to insure 6 Mbps won't be exceeded.  (BTW, for 6 Mbps, if you need to do QoS, you would be better off with an ISR.)
    You also mention 6 MLPPP, but it's unlclear what your device is for that.
    How to configure 3750 QoS is involved.  Basically when you enable QoS, each port has four dedicated egress queues.  By default, different traffic markings go into one of the four queues, each queue has same share of the bandwidth, and almost same share of the buffers.  The PQ command you noted, enables the first queue to always transmit its packets first.  Normally, you'll want to do that for VoIP bearer packets, which you've (insured are) directed to that queue.  You also want to insure that VoIP signally packets are not likley to be dropped and, more or less, are forwarded quickly.
    Cisco has multiple papers on QoS configurations, including papers for 3750s, so instead of my trying to present that, the above is intended as an overview.  Feel free to post additional questions, the more specific, the more likely you'll get an answer.

  • SNMP configuration in WLC

    hi all,
    Can any one tell me if there is document available for SNMP configuration for WLC 4404?

    http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_controller_setting.html#wpmkr1372608
    Configuring the device via snmp is very difficult and there really isn't a document covering that.  WCS uses snmp to configure the controllers.

  • QoS design for VPN

    is there sample/templete for Qos configuration for remote access VPN?
    for example:
    user from Internet access VPN gateway, once got authenticated, it will get the IP address from DHCP server and access internal resource. how can i configure the Qos to assign minimum bandwidth for this traffic on Internet facing router?

    Unclear what you mean by "assign minimum bandwidth". Do you want to cap the traffic, gurantee a minimum, or both? Direction of control, in or out or both?
    Is there only one user and only one VPN flow, or several? Is the VPN gateway also the same router as the Internet facing router, or are they different?

  • Is there any limitation of firmware or hardware for QoS configuration (4400 controller & 1252 AP's)

    Hi Experts,
    Before proceeding for adding AP model 1131 and 1252 into my set-up , I need to know whether any limitation of firmware or hardware for QoS configuration in wireless set-up .
    I have 4400 controller and 1130 & 1250 AP models.

    Hi Vinod,
    Since you have 4400 controllers, you can run upto WLC 7.0.x code. Refer this for more detail
    http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
    there is no specific limitation to 1131/1252 AP model as such, everything is WLC software dependent.
    From later software 7.4.x,7.6.x,8.x, lots of improvement for QoS configuration & bandwidth control, but since your controller is old hardware, you cannot have those latest features.
    here is a reference post on how QoS works in wireless environment
    http://mrncciew.com/2012/11/28/understanding-wireless-qos-part-1/
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • Cisco WLC : AP automatic configuration for flexconnect parameters and ap group

    Hello !
    Is there a way to configure cisco WLC to automatically set flexconnect parameters such as Vlan support and Native Vlan ID when an access point join the controller ? 
    Same question to assign the access point to a specific AP Group ?
    PS: The access points are set with usine parameters and the WLC is in version 7.4
    Thank you for your answers !
    Stephane

    To my knowledge these features are not available in 7.4, but from what I understand 8.0 will have similar features. I can say that 7.6 has global commands, not sure if its part of 7.4.
    If it is you can navigate there Wireless>Access Points>Global Configuration you can do things like configure your primary and backup controllers, set login credentials, pre-download images to AP's.
    Please rate if you find the information helpful.
    HTH

  • Help in QoS configuration on 3750E/2960X

    Hello everybody,
    I would like to configure QoS in VoIP for terminal Aastra in switches Cisco (with L3). As I am not very confident in this issue, I have thought to give a priority for VoIP considering output traffic from IP telephone. The IP telephones have an IP in range 10.5.160.0/22, so could it be this criteria valid for assigning QoS to the VoIP packets? The criteria would be:
    ip access-list extended tel_VOIP
     permit tcp 10.5.160.0 0.0.0.252 any
     permit udp 10.5.160.0 0.0.0.252 any
    Class-map match-all VOIP
    Match access-group name tel_VOIP
    Policy-map VOIP
    Class VOIP
    Set ip dscp 32
    And then for the access voip ports, I would put this:
    Interface giga0/x
    switchport mode access
    service-policy input VIDEO
    service-policy output VOIP
     switchport voice vlan 6
     switchport access vlan n
     mls qos trust dscp
     power inline consumption 5000
    Also I have another policy-map configured for input traffic for video which gives it pri 32.
    I would like to know if traffic with maximum priority goes by queue out nº 1 by default. And if so, if this would be enough to guarantee video and voip traffic would go by this queue, which has by default 4 Mb shaped. Our video only takes 256Kb.
    Another thing is if more than 4 Mb were needed in queue out, a way to assure video and voip traffic would be to configure this queue as priority queue-out, wouldn’t it be?
    Please, I do not know how to configure queues and I only want to know if this would categorize voip and video traffic with a dscp of 32.
    Thank you very much.
    I am a bit lost about this item. And that is why I would prefer not configuring different weights for the out queues if not necessary. Please, make me any comment. I could send you my configuration. 

    hello Yahsiel, 
    Well, I must have mismatched signaling value with voice traffic value. What I would like to do is marking voip traffic and then reserving a bandwith for it. 
    I have investigated and voip traffic comes marked with CoS 5, so I suppose I do not have to create an access-list, I could create a class-map for voip: 
    class-map VOIP
    match ip precedence 5
    and then reserve BW for it: 
    policy-map VOIP-VIDEO
    Class VOIP
    priority 1000
    and then I could also set this policy in all the access ports with: 
    service-policy input VOIP-VIDEO
    I suppose I could include in this same policy-map the marking of VIDEO traffic which is: 
      class VIDEO
        set ip dscp 32
    Also as you say I will have to put in the access ports the "mls qos trust cos" and in the trunk "mls qos trust dscp". 
    Do you think now this would guarantee 1 Mb for voip in the out queue? Out queue 1 has a total of 4 Mb maximum shaped so I think this would run.... 
    What about "auto qos voip trust" in the interface level for all the ports? Some people tell me this run ok, but I do not know if I must configure it or not. If I configured auto qos, I think I wouldn't have to policy voip traffic. 
    Thank you for your soon reply. Really!!! 

  • Authentication for WLC

    Hi,
    I have a WLC (4404), and it is configured for authentication in ACS.
    When I conect in WLC whit browser (HTTPS), I put my username and password from ACS, and it works.
    However, if I put the local username in WLC it works.
    I would like to disable the username local when ACS works, as I do that?
    But when ACS go down a need of the local username...

    You will not be able to do this like how you can with a router or switch. Locally is checked first prior to tacacs and can't be changed. Maybe speak with you local Cisco wireless SE to see if he can put that as a feature enhancement.

  • Change IP address for WLC

    I want to change IP address for WLC in production, should I convert Access Point from LWAP to IOS then convert again to LWAP ?
    Regards,

    Hi Friend,
    The best way is configure your controlelr as primary controller for all APs. You can do so going to wireless tab and then click on each AP detail and configure this controller as primary controller.
    Also if you have WCS you can do the same in one go for all APs and after that even if controller ip address is changed they will stay join to this controller.
    HTH
    Ankur
    *Pls rate all helpfull post

  • Generate Certificates for WLC and clients

    Hi Guys
    I've been working acording the following document to integrate my WLC 5508 with LDAP for internal users:
    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html
    However when I try to generate the device certificate on Windows Server 2012, I see the steps are different, for example when I reach the step 4 (of Generate a Device Certificate for the WLC section), the CA ask me for a Certificate Signing Request instead of Create and submit request to this CA option, as appears in the document.
    How do I get this? 
    Thanks in advance for your support!
    Marcelo

    Hi,
    If you are trying to get a device certificate for WLC, then you may need to use 3rd party software like openSSL for this.
    Below post may help you to see how you can do this
    http://mrncciew.com/2013/04/22/configuring-eap-tls-on-wlc/
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • TACACS+ configuration for Cisco ASA

    I tired configuring TACACS+ configuration for ASA but unable to complete it. I have ACS 3.3 for all other Cisco Routers and Switches

    Leo,
    I was looking around and come across this post. It's very late, however, wanted to add my inputs for other community members.
    RSA Token/One-Time-Password support available with ASDM only in SINGLE ROUTED MODE. If you are in Single Routed Mode, you can do OTP with ASDM if you are running ASA 8.2+  with ASDM 6.2+.
    If the firewall is running in multi-context and transparent mode. It won't work. Below is the enhancement request that was filed for the same feature to be supported.
    CSCtf23419    ASDM OTP authentication support in multi-context and transparent modes
    With WLC is yet not possible and there is a enhancement request filed.
    CSCuf61598    WLC: Need ability to support multiple sessions via OTP authentication
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

Maybe you are looking for