3850 QoS – Part 3 (Port Specific QoS Role)

6 Jan

In this post we will see how to configure QoS for wired & wireless ports based on its role.I have taken two example of VoIP phone connected switchprot (wired port) & AP connected switchport (wireless port).

Here is our CA topology & I will focus on 3850-2 switch for this QoS configuration. IOS-XE 3.3.1 is used for this post & behavior may be different if you are using an earlier version of software code.

3850-QoS-P3-01I have configured two switch-ports (G1/0/11 & 12) in 3850-2 switch for VoIP phones as shown below

interface GigabitEthernet1/0/11
 description VOIP-1
 switchport access vlan 13
 switchport mode access
 switchport voice vlan 989
 spanning-tree portfast
interface GigabitEthernet1/0/12
 description VOIP-2
 switchport access vlan 13
 switchport mode access
 switchport voice vlan 989
 spanning-tree portfast

Now let’s see make a call between these two phones & see how QoS parameters change. I have configured below SAPN session & my monitoring PC (BackTrack) connected to G1/0/27 of this switch.

3850-2#sh run | in session
monitor session 1 source interface Gi1/0/11
monitor session 1 destination interface Gi1/0/47 encapsulation replicate
3850-2#sh run int g1/0/47
interface GigabitEthernet1/0/47

Here is the packet captures of signaling & RTP media packets coming from VoIP-1 phone connected to G1/0/11. Similarly Packets coming from VoIP-2 should have these classification when it comes to G1/0/12.

3850-QoS-P3-023850-QoS-P3-03Now If we are look at packet going to VoIP-1 (only RTP traffic since signalling go back to CUCM). As you can see traffic going to VoIP-1 has EF (or Priority 5 in dot1q header) which is same as incoming values from VoIP-2. This is very important thing to remember in this 3850 platform, which is by default QoS values (DSCP or CoS)  received by a wired switchport will be trusted & pass-through to another wired switchport without a change.

3850-QoS-P3-04Now let’s see how this work when make a call between wireless phone to wired phone. To do this we will create a open authentication wlan called “3850″ & map it to vlan 1410 under the AP group where L3602-1 configured for. (I usedno broadcast-ssid since I am doing this in office environment & do not want to visible to normal users). Also I will uesd iPhone5 to illustrate QoS mapping changes as well.

3850-2(config)#wlan 3850 17 3850
3850-2(config-wlan)# no broadcast-ssid
3850-2(config-wlan)# client vlan WLN-STD-6
3850-2(config-wlan)# radio dot11a
3850-2(config-wlan)# no security wpa
3850-2(config-wlan)# no shutdown

3850-2#show ap groups 
Site Name: default-group
Site Description: 
WLAN ID   WLAN Name                        Interface
AP Name                         Ethernet MAC      Location
Site Name: SPG1-PW00
Site Description: 
WLAN ID   WLAN Name                        Interface
21        LTUWireless                      WLN-STD-6               

AP Name                         Ethernet MAC      Location
L3702-1                          7cad.74ff.2bc6 default location
L3602-1                          4c00.82df.a4c1 default location

3850-2(config)#ap group SPG1-PW00
3850-2(config-apgroup)#wlan 3850
3850-2(config-wlan-apgroup)#vlan 1410

You can verify wireless client connectivity details as below. iPhone5 detail highlighted in purple color.

3850-2#show wireless client summary 
Number of Local Clients : 1
MAC Address    AP Name                          WLAN State              Protocol 
04f7.e4ea.5b66 L3602-1                          17   UP                 11n(5)   
2c54.2dea.f4ea L3602-1                          17   UP                 11a        

3850-2#show wireless client mac-address 04f7.e4ea.5b66 detail 
Client MAC Address : 04f7.e4ea.5b66
Client Username: N/A
AP MAC Address : f84f.57e3.1460
AP Name: L3602-1
AP slot : 1
Client State : Associated
Wireless LAN Id : 17
Wireless LAN Name: 3850
BSSID : f84f.57e3.146e
Connected For : 2851 secs 
Protocol : 802.11n - 5 GHz
Channel : 36
Client IIF-ID : 0xf2a50000000025
ASIC : 0
IPv4 Address :
IPv6 Address : Unknown
Association Id : 2
Authentication Algorithm : Open System
Status Code : 0
Session Timeout : 0
Client CCX version : No CCX support
Input Policy Name  : unknown
Input Policy State : None
Output Policy Name  : unknown
Output Policy State : None
802.1P Priority Tag : Not supported
WMM Support : Enabled
U-APSD Support : Disabled
Power Save : ON
Current Rate : m7

If you do a wireless packet capture you would see the wireless frames coming from this iPhone5. I am using Jabber Voice (v9.1.6.21640) as the voice client. Here is a RTP packet coming from iPhone5. As you can see WMM-UP value is 5 even though actual IP packet DSCP is EF.In fact this should mark as priority 6 as per 802.11e standard, but most of these devices not correctly mark UP value.(if it is 7925G it is marked UP as 6 :))

3850-QoS-P3-02Now let’s take a look at the packet capture at G1/0/2 wireless port while we are making a call between iPhone5 to VoIP-2.

interface GigabitEthernet1/0/2
 description L3602-1
 switchport access vlan 1610
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet1/0/47
monitor session 1 source interface Gi1/0/2
monitor session 1 destination interface Gi1/0/47

Here is the capture output of a signalling packet & RTP media traffic coming from iPhone5 to 7965 wired phone. As you can see the outer CAPWAP DSCP value is AF41 (which is corresponding to WMM-UP value of 5). Note that original packet DSCP is still EF.

Also note that I have removed default “untrust” behavior of this switch platform when traffic traverses wireless to wired or vice versa. If you do not do this outer CAPWAP DSCP will be re-written to BE (0×00) at this point.

3850-2(config)#no qos wireless-default-untrust

3850-QoS-P3-03Now if you look at G1/0/12 packet capture you will see what QoS values goes when it received by VoIP phone. As you can see, based on the outer CAPWAP header DSCP value, swtich has re-written the 802.1q header CoS value & original packet DSCP. So VoIP phone getting the packet with DSCP AF41 (instead of EF)

3850-QoS-P3-04So it is important to classify your traffic Based on a corporate QoS policy, rather trusting DSCP (or WMM-UP value for wireless frames), since there is no consistency of these different clients.

In a future post we will see how to classify traffic in order to get same treatment for wired & wireless traffic across the network.

Related Posts

1. 3850 QoS – Part 1 (QoS Touch Points)
2. 3850 QoS – Part 2 (Queuing Models)
3. 3850 QoS – Part 4 (Wireless QoS Mapping)
4. 3850 QoS – Part 5

Source: http://mrncciew.com/2014/01/06/3850-qos-part-3-port-specific-qos-role/


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: