In this post we will look at how to configure QoS for a switch port where H-REAP is connected. In this example we are considering H-REAP local switching scenario & normally a switch port is configured as Trunk port to facilitate this. Here is the basic set up for this post.
Here is the switch port configuration of H-REAP & Wireshark PC.
R3750# interface FastEthernet1/0/4 switchport trunk encapsulation dot1q switchport trunk native vlan 50 switchport trunk allowed vlan 50,146 switchport mode trunk spanning-tree portfast trunk ! interface FastEthernet1/0/7 switchport trunk encapsulation dot1q switchport mode trunk ! monitor session 1 source interface Fa1/0/4 monitor session 1 destination interface Fa1/0/7 encapsulation replicate
So what should you trust to give better QoS, CoS or DSCP ? Let’s see what’s best suit in this scenario by looking at the packet capture of H-REAP connected switch port (Fa 1/0/4). Let’s look at two different traffic type (management & user traffic).
Here is CAPWAP control (udp 5246) traffic coming from H-REAP. As you can see there is no layer 2 tag (as Vlan 50 is native vlan on the trunk link) & hence no QoS information in the layer 2 header packet coming from H-REAP (192.168.50.52), though original IP packet is having CS6 DSCP value.
Here is a data packet coming from wireless phone. As you can see that packet include layer 2 tag (VLAN 146) which include CoS (or priority) value for QoS. In this case RTP traffic marked to CoS value 5.
Now, if you considering trusting CoS value for the switch port (Fa 1/0/4) connected to H-REAP all you control traffic marked with default CoS 0 (as no QoS value comes in layer 2). All other tagged vlan traffic will trust CoS value coming in those frames.
On the other hand if you trusting DSCP for Fa 1/0/4, then both management traffic & user traffic will get prioritized based on original packets DSCP value (ignoring AP imposed CoS value for tagged frame).
Therefore you have to trust DSCP if you want to provide QoS for ALL traffic coming from H-REAP which include management traffic & user traffic.
R3750(config-if)#do sh run int fa1/0/4 interface FastEthernet1/0/4 switchport trunk encapsulation dot1q switchport trunk native vlan 50 switchport trunk allowed vlan 50,146 switchport mode trunk mls qos trust dscp spanning-tree portfast trunk
Now we will look how a packet capture with different QoS profile (Platinum, Gold, Silver, Bronze). In the above RFC-3580 WLAN QoS profile was set to Platinum. Let’s change it to Silver & see a packet capture. As expected in this time layer 2 CoS value is capped as per the Silver Profile, even though layer 3 DSCP is EF.
Since we are trusting DSCP packet will get the EF priority irrespective of the layer2 CoS value. So it is very important to understand we cannot keep AP imposed QoS (based on QoS-Profile) preserved in this scenario (trust DSCP) unless you trust CoS on that switch port. If you trust CoS then no way of giving required QoS for management traffic coming from H-REAP(since those are un-tagged).
If you consider H-REAP central switching scenario, still you have to trust DSCP in order to preserve outer CAPWAP information for H-REAP to WLC communication.
So in conclusion what should you trust in H-REAP deployment, answer is IT DEPENDS.
1. If you want to classify ALL traffic (management & user traffic) based on the packet DSCP value then you have to trust DSCP at the switch port. In this case AP imposed QoS (based on WLAN QoS profile value) will be not enforced as switchport is trusting DSCP & not CoS.
2. If you are considering only user traffic & you want to preserve the QoS value impose by AP then you have to trust CoS. In this scenario ONLY user traffic will be classified correctly where 802.1q tag comes with the frame.
1. Understanding Wireless QoS – Part 1
2. Understanding Wireless QoS – Part 2
3. Understanding Wireless QoS – Part 3
4. Understanding Wireless QoS – Part 4
5. Understanding Wireless QoS – Part 5
6. 3750/3560/2960 Wired QoS
7. Who do you trust ? (DSCP or CoS)
8. BYOD with QoS