In this post I will look at closely WLC connected switch port QoS configurations. As you know there are 3 values you can trust. DSCP, IPP (layer 3 packet ) & CoS (layer 2 frame). DSCP is the most commonly used value for QoS of a IP packet (as it gives lots of flexibility when classifying traffic).IPP is 3 bit value for layer 3 QoS marking and have less flexibility (8 different values only). If switch is layer 2 (not capable of viewing IP header information) option is to trust CoS. Again this depend on your choice what would you like to trust when packets get entered to your network.
First, we will see how things works when packets going from wireless client to wired client. When packet is coming from AP to WLC, prior to going out to WLC connected switch-port, it will add 802.1p value to the layer 2 frame based on DSCP->CoS mapping of the switch configuration. G1/0/1 is configured to trust CoS or DSCP won’t change this behavior as packet is going egress direction towards WLC. But when WLC send packet to wired client, depending on the trust model this behavior is vary. If you trust CoS value, then switch will rewrite IP packets DSCP value based on the CoS->DSCP mapping table. Therefore original DSCP values EF, 00 & CS2 ended up with EF, CS3 & 00 (noted the changes occurred during transit)
But if you trust DSCP at G1/0/1(instead of CoS/802.1p) switch won’t rewrite outer DSCP value prior to go to PC via fa1/0/4, simply trust the incoming DSCP (which is original packet’s DSCP) & passed on to next hop in the wired infrastructure. Which is really great as you will preserve original DSCP value set by the wireless client. Note that no changes occur to original packet’s DSCP (EF, 00 & CS2) when it received by the PC (diagram only shows from AP where original packet DSCP will go inside the CAPWAP header without any changes) .
Now we will see what happen to the return traffic (wired to wireless). when the packet comes to G1/0/1 (from wired side) switch will add 802.1p value to layer 2 frame based on the DSCP->CoS mapping. Trusting CoS or DSCP at G1/0/1 won’t make any difference to this. But when traffic goes from WLC to AP, trusting DSCP or CoS will make a difference.If you trust CoS, then switch will rewrite outer DSCP based on the incoming CoS, this rewrite could lead to change of outer DSCP value set by WLC. Due to this AP may receive different outer DSCP value compare to value set by WLC. But again this will only impacting outer DSCP value (affecting QoS in wireless media or WMM_UP mapping at the AP) & inner DSCP value preserved. Note that in this example outer DSCP changed from AF31 to CS3 when it goes from WLC to AP.
But if you trust DSCP at the WLC connected switch port (G1/0/1) switch will trust the outer DSCP value & preserve it as set by the WLC. Which is great as no rewrite of DSCP. In this time outer DSCP & inner DSCP both preserved when packet goes from WLC to AP.
In summary, if you trust CoS value at WLC connected switchport original packet DSCP value get alter when traffic is going from wireless client to wired client due to CoS-DSCP rewrite of the switch. If you trust DSCP original values preserved. From wired client to wireless original packet DSCP will preserved irrespective to trust CoS or DSCP.
So choice is yours, I prefer to trust DSCP option as it will preserve original DSCP (almost) set by wireless client & no cos-dscp rewrite for the WLC-wired PC traffic/ WLC to AP capwap traffic.
But keep in mind this is NOT the Cisco’s best practice. So in the exam if they asked to configure without giving any hint for DSCP or CoS, you have to configure WLC connected switch port to trust CoS.
1. Understanding Wireless QoS – Part 1
2. Understanding Wireless QoS – Part 2
3. Understanding Wireless QoS – Part 3
4. Understanding Wireless QoS – Part 4
5. Understanding Wireless QoS – Part 5
6. 3750/3560/2960 Wired QoS
Nick B said:
great post very very helpful
Omar Hegazy said:
Cisco now recommends to trust DSCP everywhere 🙂
Yes, WLC 8.0 onward you can do this
Ankit Yadav said:
Thanks for sharing the valuable information.