11-10-2014 06:23 AM - edited 03-07-2019 09:27 PM
Hi Experts,
(I am fairly new to QoS so please excuse any obvious errors/omissions etc)
I have been asked to look at implementing QoS policing or shaping on our branch routers to limit the amount of bandwidth that is used by wireless users. Each branch office has a Cisco 2951 router (running c2951-universalk9-mz.SPA.153-2.T2.bin) that has its own pipe (of varying capacity ranging from 10mbps-100mbps) that connects it to the hub (data centre). Each branch uses Cisco APs that connect back to the WLC5508 controller in the hub site using FlexConnect central switching, and all traffic between client and the server is CAPWAP encapsulated. The APs reside on a dedicated VLAN with their own sub-interface on the 2951 router.
Each branch router already has the following service policies associated with it:
WAN Interface (Policy applied OUTBOUND) - [This is where the controller resides]
policy-map CBWFQ-QOS
 class Voice+Routing
  priority percent 10
 class Video+Signalling
  bandwidth percent 20
 class Citrix+RDP
  bandwidth percent 40
 class Scavenger
  bandwidth percent 1
 class class-default
  bandwidth percent 29
!
policy-map QOS-100Mb
 class class-default
  shape average 100000000
  service-policy CBWFQ-QOS
!
interface GigabitEthernet0/0
 bandwidth 100000
 service-policy output QOS-100Mb
LAN Interface (Policy applied INBOUND) - [This is where the APs reside]
policy-map QoS-Classification
 class Mark_Voice-RTP
  set dscp ef
 class Mark_Voice-Control
  set dscp af31
 class Mark_Video-RTP
  set dscp af41
 class Mark_Video-Control
  set dscp af31
 class Mark_Citrix-RDP
  set dscp af11
 class Mark_Telnet-SNMP
  set dscp af12
 class Mark_SSH
  set dscp af13
 class class-default
  set ip dscp default
!
interface GigabitEthernet0/1.X
 service-policy input QoS-Classification
I know we can make use of the QoS feature on the controller, but we would then end up having separate SSIDs per site (since each site has different uplink bandwidth), something which is not very efficient for obvious reasons. I have done some research on the possible solution and would like to share the proposed config, so I would appreciate it if the experts out here can provide feedback and suggest any other better way of achieving this.
! Create ACL to be used in class-map and match on CAPWAP control (5246) and data (5247)
ip access-list extended WIFI-CAPWAPP-ACL
 permit udp any host <controller IP> range 5246 5247
!
! Create class-map to match the above ACL
class-map match-all WIFI-CAPWAPP-CM
 description Match CAPWAP traffic between Controller and AP
 match access-group name WIFI-CAPWAPP-ACL
!
! Since the AP sub-interface on the 2951 already has a policy applied in the inbound direction,
! remove the existing policy and create a new policy that includes the new class and the existing ones
policy-map WIFI-PM
 description Policing to limit CAPWAP WIFI traffic to 20% of Bandwidth
 class WIFI-CAPWAPP-CM
  police cir percent 20 conform-action transmit exceed-action drop
 class Mark_Voice-RTP
  set dscp ef
 class Mark_Voice-Control
  set dscp af31
 class Mark_Video-RTP
  set dscp af41
 class Mark_Video-Control
  set dscp af31
 class Mark_Citrix-RDP
  set dscp af11
 class Mark_Telnet-SNMP
  set dscp af12
 class Mark_SSH
  set dscp af13
 class class-default
  set ip dscp default
!
! Apply the new policy to the LAN interface (wireless AP interface),
! detaching the existing inbound policy first
interface GigabitEthernet0/1.X
 no service-policy input QoS-Classification
 service-policy input WIFI-PM
Any feedback is greatly appreciated.
Thanks
11-10-2014 01:50 PM
Each branch office has a Cisco 2951 router (running c2951-universalk9-mz.SPA.153-2.T2.bin) that has its own pipe (of varying capacity ranging from 10mbps-100mbps) that connects it to the hub (data centre).
Let me get this straight ... You've got sites with 100 Mbps and you're using a tiny 2951 router? And let me guess, these sites are experiencing slow connection?
If the answer to these two questions is "yes" then my answer is this: Your QoS config won't make any difference because the 2951 is NOT designed for 100 Mbps. 2951 can do up to about 80 Mbps. If you want a 100 Mbps router then you're potentially looking at a 3925E, 3945 or the newly-released 4331/4351 routers.