, , ,

After reading few online posts about wireless QoS, I felt it is worth to spend some time to understand what’s going on packet level. So this will be the first part of wireless QoS related posts. I have used following lab set up for this exercise.

In this part, I will look at how QoS parameter (primarily DSCP/COS tag) of a packet change when it traverse from wireless client (C7921) to Wired client (PC). Before looking into the packet capture this is my basic understanding how it should work.

1. If wireless client device is WMM capable it will classify its application traffic into 8 user priorities(UP) & four Access Categories (Voice-VO, Video-VI, Best Effort-BE, Background-BK).In this case RTP media traffic with DSCP EF ( mark as WMM_UP of 6) & tcp control traffic with DSCP CS3 (WMM_UP of 4).
2. When AP receive this traffic, it will encapsulates the original packet into CAPWAP and added outer DSCP values based on the WMM_UP as long as QoS profile configured on WLC allow that level of QoS.
3. CAPWAP packet source would be Access Point IP & destination IP would be WLC ap-manager IP(In 5508 just mgt IP as no ap-manager interface).Source port would be high random UDP port & destination would be UDP 5247(capwap-data)
4. This outer DSCP value corresponds to WMM user priority(UP) of the incoming frame from the client  & capped- max QoS profile (Platinum, Gold, Silver, Bronze) configured on the WLC.
5. If Switchport connected to AP is configured to trust DSCP it will trust this outer DSCP
6. If packet is sent to a trunk port it will derive a COS/802.1p value based on the outer DSCP trusted at the AP connected switch port.
7. When It comes to WLC & prior to send packet to wired side,it will re-write COS value based on the capped DSCP value (or outer DSCP) of the packet received from the AP
8. When packet goes from WLC to wired PC, If switchport connected WLC is configured to trust cos, it will trust cos & derive DSCP value  based on cos-dscp table mapping on the switch.
9. Then packet will send to the wired client & original DSCP value may alter depend on how these mapping/QoS profile configured on the network environment.

If you capture wireless traffic over the air on the channel where AP is operating (see my post “Capturing Wireless Packets – Free Tool”  how you can do this)  you can see how the phone set WMM values into 802.11 frames when it sent to wireless media.As you see C7921( phone will be setting its RTP traffic  DSCP to EF destined to wired PC (

Prior to send thie 802.11 frame into wireless media, QoS of the 802.11 frame is set to WMM_VO priority of 6 for voice traffic (this is different to Cisco/IETF setting for voice traffic (see the mapping table listed down in this post).Through the wireless media this packet get priority as contention window for WMM_VO packets are smaller than that  for other(WMM_VI, WMM_BE, WMM_BK) wireless packets .7921-AP-RTP

Next will see how packet capture looks like  at the AP connected switch port(Fa1/0/13). You would notice original packet is CAPWAP encapsulated.

If you look at from bottom to top, you will see original packet is from wireless phone (C7921) to PC IP ( with RTP payload (dest udp port range 16384-32767). This is marked with DSCP EF by the WMM capable wireless phone.

Also at the Access Point, AP encapsulates this packet in to CAPWAP (des port 5247) & sending it to WLC ap-mgr IP (as 44xx have ap-mgr interface, If it is 5508 it use just WLC mgt IP). AP will add outer DSCP according to incoming frame WMM-UP value & QoS profile configured on the WLAN.In my example I have configured Platinum QoS profile which is the highest QoS profile configured for sensitive traffic such as VoIP. AP will map WMM_UP 6 into DSCP EF (see mapping table shown bottom of this post) om outer IP header.

But if you look at the same packet on G1/0/1 (towards WLC- see below capture) you would see this outer DSCP value has been change to 0. Why is this ?

This is because switch ports will not trust DSCP/CoS of a incoming packet by default. Therefore even packet coming to Fa1/0/13 mark with EF (mapped to outer DSCP) switch will rewrite it to DSCP0 before sending out G1/0/1. If you configure “mls qos trust DSCP” on fa1/0/13 then you would see the packet capture at G1/0/1 something like below. Note that now Outer DSCP value is preserved as EF.

If you look at G1/0/1 captures carefully,you would see there are two packets corresponds to this conversation(7921->PC). One with CAPWAP encapsulation (from AP to WLC) & other with normal packet towards wired PC.  Packet towards PC should have the original DSCP set up (EF). Below confirms that.

But if you look at outgoing packet at Fa1/0/4 (towards CME & Wired PC), you will see again DSCP  value change to 0. This is due to the same reason, as Gi1/0/1 will not trust DSCP/CoS value of incoming packet by default, & rewrite to DSCP0.

To preserve the original DSCP value you have to configure “mls qos trust DSCP|CoS” on the interface connected to WLC. Cisco’s best practice is to trust the CoS value as switch port is configured as Layer 2-Trunk. Then switch will trust this CoS value of the incoming packet from Controller & re-write DSCP correspond to this CoS value prior to send it to wired infrastructure(via fa1/0/4). Below shows the capture at Fa1/0/4 when WLC connected switch (G1/0/1) configured for “mls qos trust cos

Still here you can configure “mls qos trust dscp” & preserve the QoS values end to end. In this way switch will not re-write DSCP based on the incoming CoS value & hence cannot impose WLC QoS values to user traffic.

Following is the QoS related configs on the CAT2.

mls qos
mls qos map cos-dscp 0 8 16 24 32 46 48 56
interface FastEthernet1/0/13
description LWAP
mls qos trust dscp
interface GigabitEthernet1/0/1
description WLC1 Trunk
mls qos trust cos

Following diagram summarized these QoS parameter mapping at the AP & WLC in a unified wireless deployment model (CAPWAP). We looked at Step 3 & 4 in this post.

Since my WLAN QoS profile is set to Platinum outer DSCP value was remain as EF. But if my QoS profile was Gold, then what would be the outer DSCP when it goes from AP ? It won’t be EF as QoS profile Gold does not allow EF (max is AF41 ).So outer DSCP capped to AF41 (even though inner DSCP is EF). Below table show the WMM user priority values & corresponding DSCP mapping values in each QoS profile.

Below two YouTube video post from Jerome Henry explain this in detail & you must watch those.

Wireless QoS, part 3-a by Jerome Henry
Wireless QoS, part 3-b by Jerome Henry

In the next post will see how the return traffic (PC -> C7921) QoS value get change at the transit points.(Fa1/0/4, G1/0/1, WLC,  Fa1/0/13 & AP )

Related Posts

1. Understanding Wireless QoS – Part 2
2. Understanding Wireless QoS – Part 3
3. Understanding Wireless QoS – Part 4
4. Understanding Wireless QoS – Part 5
5. 3750/3560/2960 Wired QoS
6. Who do you trust ? (DSCP or CoS)
7. BYOD with QoS
8. QoS for H-REAP
9. VoIP Phone – Switchport Config
10. Autonomous AP – QoS
11. AAP QoS – A Closer Look
12. WMM & QoS Profile