, ,

In this post we will see how to configure QoS for wired & wireless ports based on its role.I have taken two example of VoIP phone connected switchprot (wired port) & AP connected switchport (wireless port).

Here is our CA topology & I will focus on 3850-2 switch for this QoS configuration. IOS-XE 3.3.1 is used for this post & behavior may be different if you are using an earlier version of software code.

3850-QoS-P3-01I have configured two switch-ports (G1/0/11 & 12) in 3850-2 switch for VoIP phones as shown below

interface GigabitEthernet1/0/11
 description VOIP-1
 switchport access vlan 13
 switchport mode access
 switchport voice vlan 989
 spanning-tree portfast
interface GigabitEthernet1/0/12
 description VOIP-2
 switchport access vlan 13
 switchport mode access
 switchport voice vlan 989
 spanning-tree portfast

Now let’s see make a call between these two phones & see how QoS parameters change. I have configured below SAPN session & my monitoring PC (BackTrack) connected to G1/0/47 of this switch.

3850-2#sh run | in session
monitor session 1 source interface Gi1/0/11
monitor session 1 destination interface Gi1/0/47 encapsulation replicate
3850-2#sh run int g1/0/47
interface GigabitEthernet1/0/47

Here is the packet captures of signaling & RTP media packets coming from VoIP-1 phone connected to G1/0/11. Similarly Packets coming from VoIP-2 should have these classification when it comes to G1/0/12.

3850-QoS-P3-023850-QoS-P3-03Now If we are look at packet going to VoIP-1 (only RTP traffic since signalling go back to CUCM). As you can see traffic going to VoIP-1 has EF (or Priority 5 in dot1q header) which is same as incoming values from VoIP-2. This is very important thing to remember in this 3850 platform, which is by default QoS values (DSCP or CoS)  received by a wired switchport will be trusted & pass-through to another wired switchport without a change.

3850-QoS-P3-04Now let’s see how this work when make a call between wireless phone to wired phone. To do this we will create a open authentication wlan called “3850” & map it to vlan 1410 under the AP group where L3602-1 configured for. (I used no broadcast-ssid since I am doing this in office environment & do not want to visible to normal users). Also I will uesd iPhone5 to illustrate QoS mapping changes as well.

3850-2(config)#wlan 3850 17 3850
3850-2(config-wlan)# no broadcast-ssid
3850-2(config-wlan)# client vlan WLN-STD-6
3850-2(config-wlan)# radio dot11a
3850-2(config-wlan)# no security wpa
3850-2(config-wlan)# no shutdown

3850-2#show ap groups 
Site Name: default-group
Site Description: 
WLAN ID   WLAN Name                        Interface
AP Name                         Ethernet MAC      Location
Site Name: SPG1-PW00
Site Description: 
WLAN ID   WLAN Name                        Interface
21        LTUWireless                      WLN-STD-6               

AP Name                         Ethernet MAC      Location
L3702-1                          7cad.74ff.2bc6 default location
L3602-1                          4c00.82df.a4c1 default location

3850-2(config)#ap group SPG1-PW00
3850-2(config-apgroup)#wlan 3850
3850-2(config-wlan-apgroup)#vlan 1410

You can verify wireless client connectivity details as below. iPhone5 detail highlighted in purple color.

3850-2#show wireless client summary 
Number of Local Clients : 1
MAC Address    AP Name                          WLAN State              Protocol 
04f7.e4ea.5b66 L3602-1                          17   UP                 11n(5)   
2c54.2dea.f4ea L3602-1                          17   UP                 11a        

3850-2#show wireless client mac-address 04f7.e4ea.5b66 detail 
Client MAC Address : 04f7.e4ea.5b66
Client Username: N/A
AP MAC Address : f84f.57e3.1460
AP Name: L3602-1
AP slot : 1
Client State : Associated
Wireless LAN Id : 17
Wireless LAN Name: 3850
BSSID : f84f.57e3.146e
Connected For : 2851 secs 
Protocol : 802.11n - 5 GHz
Channel : 36
Client IIF-ID : 0xf2a50000000025
ASIC : 0
IPv4 Address :
IPv6 Address : Unknown
Association Id : 2
Authentication Algorithm : Open System
Status Code : 0
Session Timeout : 0
Client CCX version : No CCX support
Input Policy Name  : unknown
Input Policy State : None
Output Policy Name  : unknown
Output Policy State : None
802.1P Priority Tag : Not supported
WMM Support : Enabled
U-APSD Support : Disabled
Power Save : ON
Current Rate : m7

If you do a wireless packet capture you would see the wireless frames coming from this iPhone5. I am using Jabber Voice (v9.1.6.21640) as the voice client. Here is a RTP packet coming from iPhone5. As you can see WMM-UP value is 5 even though actual IP packet DSCP is EF.In fact this should mark as priority 6 as per 802.11e standard, but most of these devices not correctly mark UP value.(if it is 7925G it is marked UP as 6 🙂 ). In CA, when AP mapping DSCP values to outer CAPWAP, it will NOT based on the UP value, but simply copy the original packet DSCP (you can change this using UP to DSCP mapping table)

3850-QoS-P3-02Now let’s take a look at the packet capture at G1/0/2 wireless port while we are making a call between iPhone5 to VoIP-2.

interface GigabitEthernet1/0/2
 description L3602-1
 switchport access vlan 1610
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet1/0/47
monitor session 1 source interface Gi1/0/2
monitor session 1 destination interface Gi1/0/47

Here is the capture output (at G1/0/2) of a signalling packet & RTP media traffic coming from iPhone5 to 7965 wired phone. As you can see the outer CAPWAP DSCP value is EF & CS3 respectively, This is simply copy from the original packet DSCP onto outer CAPWAP header. Also note that UP value are 5 & 0 respectively, but that is not in use when derive the outer CAPWAP (This is a major difference in CA compare to CUWN where it will derive based on WMM-UP value)

Also note that I have removed default “untrust” behavior of this switch platform when traffic traverses wireless to wired or vice versa. If you do not do this outer CAPWAP DSCP will be re-written to BE (0x00) at this point.

3850-2(config)#no qos wireless-default-untrust


3850-QoS-P3-07Now if you look at G1/0/12 packet capture you will see what QoS values goes when it received by VoIP phone. As you can see WCM/Switch has re-written the 802.1q header CoS value & original packet DSCP based on the UP values (This is something I did not expect, but capture prove it is)

Below capture shows VoIP phone getting the packet with DSCP AF41 (instead of EF) & 802.1q CoS value of 4.

3850-QoS-P3-04Here is the signaling packet going out of trunk port (G1/0/48), since UP value came with 0, WCM rewritten the 802.1p to 0, then switch port rewrite original packet DSCP to 0 based on that.

3850-QoS-P3-10So it is important to classify your traffic Based on a corporate QoS policy, rather trusting DSCP (or WMM-UP value for wireless frames), since there is no consistency of these different clients.

In a future post we will see how to classify traffic in order to get same treatment for wired & wireless traffic across the network.

Related Posts

1. 3850 QoS – Part 1 (QoS Touch Points)
2. 3850 QoS – Part 2 (Queuing Models)
3. 3850 QoS – Part 4 (Wireless QoS Mapping)
4. 3850 QoS – Part 5 (Traffic Classification)