03-24-2022 02:48 AM
Hi,
I have already implemented an SDA fabric. I also have branch switches managed by DNAC.
I have created 2 application policies (HQ_policy and Branch_Policy), which are identical. I have kept the CVD application application; I have only requalified 2 ms-teams applications.
These applications are successfully deployed on my switches:
interface gi1/0/x
 service-policy input DNA-MARKING_IN
 service-policy output DNA-dscp#APIC_QOS_Q_OUT
I have to deploy a new wireless infrastructure (Catalyst 9800-L with Catalyst 9100 AP).
AP in Branch will be configured in Flexconnect mode.
AP in HQ will be configured in Fabric mode.
I have noticed that the "service-policy input DNA-MARKING_IN" policy is disabled on the switch ports hosting an access point managed by DNAC (via WLC managed by DNAC).
So, I have to properly classify and mark traffic directly on the AP (which is able to run NBAR but maybe with some limitations/restrictions).
Unfortunately, I have not found clear documentation in order to implement this configuration.
I have tried to create a wireless Application Policy (CVD) and the preview is the following:
class-map match-any MYSSID_BROADCAST_e8b028b0
 match protocol dmp
 match protocol cisco-tv
 match protocol cisco-ip-camera
class-map match-any MYSSID_MM_STREAM_e8b028b0
 match protocol pcoip
 match protocol citrix
 match protocol ms-wbt
class-map match-any MYSSID_SCAVENGER_e8b028b0
 match protocol bittorrent
 match protocol bittorrent-networking
 match protocol consumer-cloud-storage
class-map match-any MYSSID_OAM_e8b028b0
 match protocol auth-service
 match protocol active-directory
 match protocol cisco-rtmt
class-map match-any MYSSID_BULK_DATA_e8b028b0
 match protocol box
 match protocol crashplan
 match protocol backup-service
class-map match-any MYSSID_TRANS_DATA_e8b028b0
 match protocol jabber
 match protocol cisco-jabber-im
 match protocol db-service
class-map match-any MYSSID_CONTROL_e8b028b0
 match protocol isakmp
 match protocol bgp
 match protocol ospf
class-map match-any MYSSID_VOICE_e8b028b0
 match protocol cisco-spark-audio
 match protocol cisco-jabber-audio
 match protocol cisco-media-audio
class-map match-any MYSSID_REALTIME_e8b028b0
 match protocol telepresence-media
class-map match-any MYSSID_SIGNALING_e8b028b0
 match protocol ms-lync-control
 match protocol cisco-phone-control
 match protocol cisco-jabber-control
class-map match-any MYSSID_MM_CONF_e8b028b0
 match protocol cisco-jabber-video
 match protocol cisco-ip-sla
 match protocol cisco-media-video
policy-map MYSSID_DNA-MARKING_e8b028b0
 class MYSSID_BROADCAST_e8b028b0
  set dscp 40
 class MYSSID_MM_STREAM_e8b028b0
  set dscp 26
 class MYSSID_SCAVENGER_e8b028b0
  set dscp 8
 class MYSSID_OAM_e8b028b0
  set dscp 16
 class MYSSID_BULK_DATA_e8b028b0
  set dscp 10
 class MYSSID_TRANS_DATA_e8b028b0
  set dscp 18
 class MYSSID_CONTROL_e8b028b0
  set dscp 48
 class MYSSID_VOICE_e8b028b0
  set dscp 46
 class MYSSID_REALTIME_e8b028b0
  set dscp 32
 class MYSSID_SIGNALING_e8b028b0
  set dscp 24
 class MYSSID_MM_CONF_e8b028b0
  set dscp 34
 class class-default
  set dscp 0
wireless profile policy MYSSID_Floor__F_99728d0e
 service-policy output MYSSID_DNA-MARKING_e8b028b0
 service-policy input MYSSID_DNA-MARKING_e8b028b0
 exit
The application policy is similar to both wired application policies, but the configurations are completely different.
Wired marking DNA-MARKING_IN:
class-map match-any DNA-MARKING_IN#REALTIME_CUSTOM
class-map match-all DNA-MARKING_IN#MM_STREAM
 match protocol attribute traffic-class multimedia-streaming
 match protocol attribute business-relevance business-relevant
class-map match-all DNA-MARKING_IN#OAM
 match protocol attribute traffic-class ops-admin-mgmt
 match protocol attribute business-relevance business-relevant
class-map match-all DNA-MARKING_IN#CONTROL
 match protocol attribute traffic-class network-control
 match protocol attribute business-relevance business-relevant
class-map match-any DNA-MARKING_IN#TRANS_DATA_CUSTOM
class-map match-all DNA-MARKING_IN#MM_CONF
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
class-map match-all DNA-MARKING_IN#SCAVENGER
 match protocol attribute business-relevance business-irrelevant
class-map match-all DNA-MARKING_IN#SIGNALING
 match protocol attribute traffic-class signaling
 match protocol attribute business-relevance business-relevant
class-map match-all DNA-MARKING_IN#BROADCAST
 match protocol attribute traffic-class broadcast-video
 match protocol attribute business-relevance business-relevant
class-map match-all DNA-MARKING_IN#BULK_DATA
 match protocol attribute traffic-class bulk-data
 match protocol attribute business-relevance business-relevant
class-map match-all DNA-MARKING_IN#VOICE
 match protocol attribute traffic-class voip-telephony
 match protocol attribute business-relevance business-relevant
class-map match-any DNA-MARKING_IN#CONTROL_CUSTOM
class-map match-any DNA-MARKING_IN#MM_STREAM_CUSTOM
class-map match-any DNA-MARKING_IN#OAM_CUSTOM
 match access-group name DNA-MARKING_IN#OAM_CUSTOM__acl
class-map match-all DNA-MARKING_IN#REALTIME
 match protocol attribute traffic-class real-time-interactive
 match protocol attribute business-relevance business-relevant
class-map match-any DNA-MARKING_IN#VOICE_CUSTOM
class-map match-any DNA-MARKING_IN#SCAVENGER_CUSTOM
class-map match-any DNA-MARKING_IN#SIGNALING_CUSTOM
class-map match-any DNA-MARKING_IN#BROADCAST_CUSTOM
class-map match-any DNA-MARKING_IN#BULK_DATA_CUSTOM
class-map match-all DNA-MARKING_IN#TRANS_DATA
 match protocol attribute traffic-class transactional-data
 match protocol attribute business-relevance business-relevant
class-map match-any DNA-MARKING_IN#MM_CONF_CUSTOM
class-map match-any DNA-MARKING_IN#TUNNELED-NBAR
 match access-group name DNA-MARKING_IN#TUNNELED-NBAR__acl
ip access-list extended DNA-MARKING_IN#OAM_CUSTOM__acl
 10 permit tcp any any eq domain
 20 permit tcp any any eq 5353
 30 permit udp any any eq domain
 40 permit udp any any eq 5353
ip access-list extended DNA-MARKING_IN#TUNNELED-NBAR__acl
 10 permit udp any any eq 5246
 20 permit udp any any eq 5247
 30 permit udp any any eq 4789
!
policy-map DNA-MARKING_IN
 class DNA-MARKING_IN#TUNNELED-NBAR
 class DNA-MARKING_IN#VOICE_CUSTOM
  set dscp ef
 class DNA-MARKING_IN#BROADCAST_CUSTOM
  set dscp cs5
 class DNA-MARKING_IN#REALTIME_CUSTOM
  set dscp cs4
 class DNA-MARKING_IN#MM_CONF_CUSTOM
  set dscp af41
 class DNA-MARKING_IN#MM_STREAM_CUSTOM
  set dscp af31
 class DNA-MARKING_IN#CONTROL_CUSTOM
  set dscp cs6
 class DNA-MARKING_IN#SIGNALING_CUSTOM
  set dscp cs3
 class DNA-MARKING_IN#OAM_CUSTOM
  set dscp cs2
 class DNA-MARKING_IN#TRANS_DATA_CUSTOM
  set dscp af21
 class DNA-MARKING_IN#BULK_DATA_CUSTOM
  set dscp af11
 class DNA-MARKING_IN#SCAVENGER_CUSTOM
  set dscp cs1
 class DNA-MARKING_IN#VOICE
  set dscp ef
 class DNA-MARKING_IN#BROADCAST
  set dscp cs5
 class DNA-MARKING_IN#REALTIME
  set dscp cs4
 class DNA-MARKING_IN#MM_CONF
  set dscp af41
 class DNA-MARKING_IN#MM_STREAM
  set dscp af31
 class DNA-MARKING_IN#CONTROL
  set dscp cs6
 class DNA-MARKING_IN#SIGNALING
  set dscp cs3
 class DNA-MARKING_IN#OAM
  set dscp cs2
 class DNA-MARKING_IN#TRANS_DATA
  set dscp af21
 class DNA-MARKING_IN#BULK_DATA
  set dscp af11
 class DNA-MARKING_IN#SCAVENGER
  set dscp cs1
 class class-default
  set dscp default
!
To summarize, I want to implement consistent QoS marking and I don't know how to realize that in the wireless part (via DNAC, AP limitations, ...).
I also have another question: is it possible to implement QoS queuing on the AP wired port?
Many thanks in advance for your help.
Hugo
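Added example, not part of the original post and not DNAC tooling: a Python check that converts the named code points of the wired policy-map (ef, cs5, af41, ...) and the decimal values of the wireless preview to numeric DSCP and reports every traffic class the two mark differently. The function names and the abridged sample strings are assumptions made for illustration.

```python
import re

# Named DSCP code points accepted by IOS "set dscp" (CSx = 8x, AFxy = 8x + 2y).
DSCP = {"default": 0, "ef": 46}
DSCP.update({f"cs{c}": 8 * c for c in range(1, 8)})
DSCP.update({f"af{c}{d}": 8 * c + 2 * d for c in range(1, 5) for d in range(1, 4)})
LABELS = ("BROADCAST", "MM_STREAM", "SCAVENGER", "OAM", "BULK_DATA", "TRANS_DATA",
          "CONTROL", "VOICE", "REALTIME", "SIGNALING", "MM_CONF")

def traffic_class(class_name):
    """Reduce a generated class name to its traffic-class label (None if unknown)."""
    if class_name == "class-default":
        return "DEFAULT"
    name = re.sub(r"_[0-9a-f]{8}$", "", class_name)  # wireless: trailing _e8b028b0
    name = re.sub(r"_CUSTOM$", "", name)             # wired: custom-application twin
    return next((label for label in LABELS if name.endswith(label)), None)

def parse_markings(config):
    """Map each traffic-class label to the set of DSCP values its classes set."""
    marks, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "class":
            current = traffic_class(words[1])
        elif words[:2] == ["set", "dscp"] and len(words) == 3 and current:
            token = words[2].lower()
            value = int(token) if token.isdigit() else DSCP[token]
            marks.setdefault(current, set()).add(value)
    return marks

def mismatches(wired_cfg, wireless_cfg):
    """Return {label: (wired, wireless)} for every class marked differently."""
    wired, wireless = parse_markings(wired_cfg), parse_markings(wireless_cfg)
    return {label: (wired.get(label), wireless.get(label))
            for label in sorted(set(wired) | set(wireless))
            if wired.get(label) != wireless.get(label)}

# Abridged from the two policy-maps in the post (sample strings built for this example).
WIRED = ("policy-map DNA-MARKING_IN\nclass DNA-MARKING_IN#TUNNELED-NBAR\n"
         "class DNA-MARKING_IN#VOICE_CUSTOM\nset dscp ef\n"
         "class DNA-MARKING_IN#MM_CONF\nset dscp af41\n"
         "class class-default\nset dscp default\n")
WIRELESS = ("policy-map MYSSID_DNA-MARKING_e8b028b0\n"
            "class MYSSID_VOICE_e8b028b0\nset dscp 46\n"
            "class MYSSID_MM_CONF_e8b028b0\nset dscp 34\n"
            "class class-default\nset dscp 0\n")

if __name__ == "__main__":
    print(mismatches(WIRED, WIRELESS) or "markings agree")
```

The decimal values in the wireless preview are the same code points as the names in DNA-MARKING_IN (46 = ef, 40 = cs5, 34 = af41, 26 = af31, and so on for all twelve classes); what differs is the classification, explicit protocol lists on the WLC versus NBAR attribute matches on the switch.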
03-24-2022 07:10 AM
"I have noticed that the "service-policy input DNA-MARKING_IN" policy is disabled on the switch ports hosting an access point managed by DNAC (via WLC managed by DNAC)."
That's because the Access Point is considered to be the Wireless part and not the Wired part. Once the Access Point is part of the fabric as long as the WLC, the QoS should be applied as wireless QoS and not wired. You must have seen it when creating your application policy.
"I also have another question: is it possible to implement QoS queuing on the AP wired port?"
I believe that would be possible if you consider the access point to be not part of the wireless fabric. For example, the Access Point is connected to a fabric switch but joining in the WLC outside the fabric.
03-24-2022 08:31 AM
According to your answer, the switch port hosting the AP is excluded from my wired policy? It is strange; the switch could be configured by 2 application policies (wired + wireless)?
My wireless application policy scope contains the switch and the WLC. But only the WLC appears when I click on preview. For me, switches are not taken into account in the wireless application policy.