In this post we will look at a wireless bridge configuration with QoS. Here is the topology for this post.
A VoIP phone (vlan 1) and a Laptop (vlan 6) is connected to a 2960 Switch where it is connected to Non-Root Bridge AAP2 (3502). A 3750 switch connected to a Root Bridge AAP1 (1142) where a wireless bridge is setup between AAP1 & AAP2 with native vlan 999 . All SVI, DHCP pools are defined on 3750 switch. A wireless phone is connected to network via a LAP (L1130) controlled by a WLC (4402-3)
I have not used any security for encryption/authentication (for simplicity). Also only configure 5 GHz (int d1). Here is the Root Bridge (AAP1) configuration looks like.
hostname AAP1 ! dot11 ssid MGMT vlan 999 authentication open infrastructure-ssid ! interface Dot11Radio1 ssid MGMT station-role root bridge ! interface Dot11Radio1.1 encapsulation dot1Q 1 bridge-group 10 ! interface Dot11Radio1.6 encapsulation dot1Q 6 bridge-group 60 ! interface Dot11Radio1.999 encapsulation dot1Q 999 native bridge-group 1 ! interface GigabitEthernet0.1 encapsulation dot1Q 1 bridge-group 10 ! interface GigabitEthernet0.6 encapsulation dot1Q 6 bridge-group 60 ! interface GigabitEthernet0.999 encapsulation dot1Q 999 native bridge-group 1 ! interface BVI1 ip address 192.168.99.99 255.255.255.0 ! ip default-gateway 192.168.99.1
Here is the Non Root Bridge (AAP2) configuration
hostname AAP2 ! dot11 ssid MGMT vlan 999 authentication open infrastructure-ssid ! interface Dot11Radio1 ssid MGMT station-role non-root bridge ! interface Dot11Radio1.1 encapsulation dot1Q 1 bridge-group 10 ! interface Dot11Radio1.6 encapsulation dot1Q 6 bridge-group 60 ! interface Dot11Radio1.999 encapsulation dot1Q 999 native bridge-group 1 ! interface g0.1 encapsulation dot1Q 1 bridge-group 10 ! interface g0.6 encapsulation dot1Q 6 bridge-group 60 ! interface g0.999 encapsulation dot1Q 999 native bridge-group 1 ! interface BVI1 ip address 192.168.99.100 255.255.255.0 ! ip default-gateway 192.168.99.1
Once you configure like above you should see AAP2 is associate to AAP1. Your PC & 7965 phone should get IP from respective vlan via DHCP configured on 3750. You can verify AAP2 association like below.
AAP1#sh dot11 ass 802.11 Client Stations on Dot11Radio1: SSID [MGMT] : MAC Address IP address Device Name Parent State 64ae.0c91.9420 0.0.0.0 Br-client - 64ae.0c93.7590 Assoc 64ae.0c93.7590 192.168.99.100 bridge AAP2 self Assoc AAP1#show dot11 associations all-client Address : 64ae.0c91.9420 Name : NONE IP Address : 0.0.0.0 Interface : Dot11Radio 1 Device : Br-client Software Version : NONE CCX Version : NONE Client MFP : Off State : Assoc Parent : 64ae.0c93.7590 SSID : MGMT VLAN : 0 Hops to Infra : 0 Clients Associated: 0 Repeaters associated: 0 Address : 64ae.0c93.7590 Name : AAP2 IP Address : 192.168.99.100 Interface : Dot11Radio 1 Device : bridge Software Version : 12.4 CCX Version : 5 Client MFP : Off State : Assoc Parent : self SSID : MGMT VLAN : 999 Hops to Infra : 1 Association Id : 1 Clients Associated: 1 Repeaters associated: 0 Tunnel Address : 0.0.0.0 Key Mgmt type : NONE Encryption : Off Current Rate : 54.0 Capability : WMM ShortHdr 11h Supported Rates : 54.0 Voice Rates : disabled Bandwidth : 20 MHz Signal Strength : -50 dBm Connected for : 137591 seconds Signal to Noise : 42 dB Activity Timeout : 29 seconds Power-save : Off Last Activity : 1 seconds ago Apsd DE AC(s) : NONE
Now if you want to make sure QoS is configured end to end (VoIP phone to wireless phone) you can verify it like this. We will start from the 7965 end.
1. Since Phone is connected to switchport where voice vlan is configured, you have to trust CoS on R2960 G 0/1. You have to ensure QoS is enabled on switch & CoS to DSCP maps 5-> 46 & 3-> 26 for at least these two type of traffic (if you want any other DSCP values you can change this mapping table).
mls qos mls qos map cos-dscp 0 10 18 26 34 46 48 56 interface GigabitEthernet0/1 description VOIP+PC switchport access vlan 6 switchport mode access switchport voice vlan 1 priority-queue out mls qos trust device cisco-phone mls qos trust cos spanning-tree portfast
2. Then AAP2 is connected to R2960 via a trunk port. For the traffic coming from phone already trusted at G0/1, so that configuring QoS on G0/8 won’t impact traffic initiating from 7965. But traffic coming to 7965 is going to be impacted by the QoS config on G 0/8. Since AAP2 translated wireless frame UP value on to CoS value before sending it to R2960, you have to trust CoS in G0/8.
interface GigabitEthernet0/8 switchport trunk native vlan 999 switchport trunk allowed vlan 1,6,999 switchport mode trunk priority-queue out mls qos trust cos
3. You need to make sure 802.11e to AVVID mapping happening at the AAP2. This will ensure Priority 6 value converted to CoS 5 for RTP traffic & Priority 4 value converted to CoS 3 for SCCP signalling traffic (vice versa as well). By default radio interfaces is trusting WMM UP values of wireless frames. If not you have to enable it “dot11 qos mode wmm” CLI command under radio interface.
AAP2# dot11 priority-map avvid
Similar concept applies to AAP1 where you have to enable 802.11e to AVVID mapping.
AAP1# dot11 priority-map avvid
4. For AAP1 connected switchport, you have to trust CoS as user traffic comes with 802.1q header which include CoS value set by AAP1.
mls qos mls qos map cos-dscp 0 10 18 26 34 46 48 56 interface FastEthernet1/0/11 switchport trunk encapsulation dot1q switchport trunk native vlan 999 switchport trunk allowed vlan 1,6,999 switchport mode trunk priority-queue out mls qos trust cos
5. In the unified wireless section, WLC connected port, you have to trust CoS since controller is changing 802.1p value according to QoS configuration of the controller.
interface GigabitEthernet1/0/1 description 4402-3 switchport trunk encapsulation dot1q switchport trunk native vlan 999 switchport trunk allowed vlan 140,998 switchport mode trunk switchport nonegotiate priority-queue out mls qos trust cos channel-group 1 mode on spanning-tree portfast trunk
5. Finally for the L1130 connected switchport you have to trust DSCP as WLC to AP traffic is always CAPWAP & only DSCP value is in the IP header.
interface FastEthernet1/0/3 switchport access vlan 20 switchport mode access priority-queue out mls qos trust dscp spanning-tree portfast
6.Since SCCP signalling traffic is going between CME & phones (7965 & 7921), you have to trust packet marking of CME on the port fa1/0/14 of 3750. Since this is access port, only DSCP value exist on the packets coming from CME. So trust DSCP is the only choice.
interface FastEthernet1/0/14 description CME - INTERNET no switchport ip address 192.168.128.1 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mls qos trust dscp
Once you configure like this you could make sure end to end traffic QoS is preserved across you network.
I have taken two packet captures, one by SAPN port G0/8 of R2960 switch & the othe one by sniffing wireless packet in 5 GHz to see what’s going on the bridge.
Here is the SCCP & RTP traffic coming from the 7965 VoIP phone. You can see SCCP traffic comes with CoS of 3 & Voice traffic comes with CoS of 5.
If you look at the traffic to 7965 VoIP phone it will looks like this. You can see RTP traffic comes with CoS 5 & SCCP traffic comes with CoS 3. This proves end to end QoS is preserved from wireless phone to wired phone.
Now if you look at a wireless capture it will looks like this. Since AAP1 to AAP2 , it use IAPP (Inter Access Point Protocol) or 802.11f-2003 wireshark capture shows as “Encapsulated Ethernet” in the data section.
But you can verify wireless header information as below. You can verify BSSID of AAP1 & AAP2, then determine packets direction.
AAP1#sh dot11 bssid Interface BSSID Guest SSID Dot11Radio1 a40c.c31a.ee60 No MGMT AAP2#sho dot11 bssid Interface BSSID Guest SSID Dot11Radio1 64ae.0c93.7590 No MGMT
Based on the above information you can see the below frame is from AAP2 to AAP1. Based on the User Priority of wireless frame we can tell it is signalling traffic (SCCP) going from 7965 to CME. Since we configured “dot11 priority-map avvid” on AAP1 these priority value translate to CoS of 3 when it goes to 3750 fa1/0/11.
Here is the return traffic coming from AAP1 to AAP2, as you can see it has the similar priority in wireless frames.
Here is the RTP traffic wireless captures where you can see traffic comes with priority value of 6 in wireless frames.
Update @4th Aug:
I found the Wireshark version (1.6.1) I used for the above did not have the capability to decode IAPP messages. But when I installed the latest version of wireshark (1.10.1) I was able to see full information even inside the IAPP.
Here is the packet capture of SCCP traffic going from wired phone to CME within the wireless bridge. You can see clearly original dot1q packet came from phone (with Prioirty 3 & Vlan ID 1) convert into 802.11 frame with priority 4
Here is the wireless capture of RTP traffic going from Wired Phone. As you can see original 802.1q (Priority 5 & Vlan ID 1) packet is going inside IAPP. In wireless frame Priority will be 6.
1. Understanding Wireless QoS – Part 1
2. Understanding Wireless QoS – Part 2
3. Understanding Wireless QoS – Part 3
4. Understanding Wireless QoS – Part 4
5. Understanding Wireless QoS – Part 5
6. 3750/3560/2960 Wired QoS
7. Who do you trust ? (DSCP or CoS)
8. BYOD with QoS
9. QoS for H-REAP
10. VoIP Phone – Switchport Config
11. Autonomous AP – QoS
12. AAP QoS – A Closer Look
13. WMM & QoS Profile