thanks for your reply. the point is (and that is for sure not properly described in my first sentences) that every traffic is tunneled via capwap to the central controller. we have data-users of our enterprise and guest-users on different ssid´s. moreover we use voice over wireless and the goal is to mark down only the traffic of the guest users.

both data-entities do not use WMM. so i can not mark the traffic when the traffic leaves the acces-point because i can not distinguish any more if it is date-enterprise or data-guest. i can distinguish voice-traffic because they use EF due to wmm. but as i mentioned i dont have te possibility on the switch to distinguish between different data-users.

so the only key is the ssid and the question is if it is possible to mark every traffic on a special ssid with a dscp-value even if the clienst don´t use WMM. i tried with qos-profile bronze and the dot1p-tag but i don´t think that this is working

br

heinz

Thanks Heinz for explanation.

If you set the QoS to bronze then that is exactly what you need to do.

Just make sure you configure the QoS profile 802.1p value or otherwise the QoS config under WLAN will have no effect.

from WLC GUI under Wireless -> QoS -> Profile -> Bronze, and under "Wired QoS Protocol" choose 802.1p from the dropbox menu and configure the 802.1p tag to be 1 (which is the default if you select 802.1p from the drop box).

Classification based on the SSID the way you described is not unfortunately possible AFAIK.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Good conversation guys ...

So 802.1p on the WLC doesnt mark up. It will mark down.

If enterprise and guest data both come in at 0 and 802.1p states enterprise data should be a 3, it wont mark up.

This is my understand. But QoS isnt my strong point at this very moment. Any thoughts on this ?

As for marking. You are on target with your thinking. If a devices marks the frames it will carry over to a DSCP value in the capwap hader. if its doesnt I think you are SOL.

Lets keep this conversation going ..

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

@amjad: thanks again for your description.

so you have the opinion that it is not possible to mark traffic leavin the access-point with a special dscp-value (perhaps derived from a 802.1p value in the qos-profile) when the original traffic doesn´t contain dscp or 802.11e-values? (sorry to ask again but the whole stuff is quite complex).

unofrtunately this is what i see in test and this doesn´t make me happy. i also see a weakness in cisco-design because i believe it is a common topology to use wlan-access-points in a wide area network in local mode (everything tunneled in capwap) and central controllers. if several ssid´s are deployed where clients don´t use 802.11e and dscp-marking i can not prioritze the traffic on the wan-router because i only see capwap-packets not knowing which kind of traffic it is transporting.

my last hope is this link

http://blog.ipexpert.com/2011/03/28/wlc-qos-802-1p-profile-wmm-disabled/

there a CCIE states:

"In other words, if the SSID is set to use the Platinum QoS Profile,  which is set to have a maximum 802.1p value of 6, and the SSID has WMM  Disabled, then all traffic received from clients will be marked with  DSCP EF.  If the 802.1p value is changed to 5, then all client traffic  will be marked with DSCP AF41."

-->this is exactly what i need...

is it possible that there is a difference in behaviour if WMM is disabled/enabled on the ssid?

thanks for your clear answer although it is not what i have hoped to hear :-)

in any case my last hope is that there still exists a possibility that traffic from a non-wmm client with dscp 0 can be marked. perhaps there is a special constellation how to achieve that

this hope is also strengthened through this sentence from a cisco documentation:

"When the access point receives a frame from a regular (non-WMM)            client, the access point uses the default 802.11e priority or WMM            value for the QoS policy that is assigned to that client or WLAN ID            and translates the value to the DSCP value."

i would interret this as exactly what i need...or am i wrong with this interpretation??

Non WMM clients fall into the legacy queues and not the 4 queues that WMM clients fall into.  What you need to realize is that the WMM is for the RF and that decides what QoS the client will get in the air.  When you are talking about dscp, that is from the application and the WLC doesn't change that at all.  So if an application sets a dscp of 0 and you don't like that and you wan tot set it to 3 or 5 for example, you have to remark that on the wire using policy maps or something.  The WLC doesn't change that field at all.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

hi scott. many thanks for your answer.

do you see any other possibiltiy to distinguish between traffic from two data-ssids on the wired side of the access-point (which is using capwap)? one ssid is used for enterprise users and another one is used for guest-user. both entities don´t use WMM but the enterprise user should be protected so that external users can not affect the internal traffic.

Is your infrastructure gigabit?  If so, I wouldn't worry about it.  You can always rate limit the guest ssid if you are worried about guest taking all the bandwidth.  QoS should be end to end, but if your clients don't support QoS, then you can't do much.  You must look at other methods, but I don't really know what the real reason you want to do this.  So give me a reason or what your requirements are and maybe we can give you various options.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

that´s the problem we use decentralized access-points and centralized controllers connected by wan-connections with 2 mbit. hreap is not allowed due to security policy (internet traffic must be tunneled to the central firewalls, the only layer-3 hop can be a firewall).

i have read this sentence several times. but what does it exactly mean?? is it the same situation compared to mine? i had a look into the design guide of 7920 and there it is stated that the telephone marks packets with a dscp-value. so this is different because my clients don´t mark any traffic with dscp.

when i read the sentence above it would mean to me that every packet is marked with EF. this is exactly what i need. but it seems that it doesn´t work in this way

The WLC and the AP will keep any DSCP markings it gets from the client (AP side) and the WLC (Switch side). The WLC and AP will not change that value at all. The WLC can police the markings is the device has a higher dscp value than what is stated for that WLAN SSID.

So what you have seen when you sniffed the traffic is correct. It's the same if you didn't have QoS on the wire side and you did implement it on the wireless side. Traffic would get marked EF on the wire from the AP to the WLC and from the switch back to the WLC. From the client to the AP, the WLC can place the packet in the correct queues (4 of them). Since you don't have QoS on the wired side, the network doesn't trust the packet and marks that as EF. Then it leaves the WLC to the destination and the WLC preserves that marking as EF and all the way back from the destination to the AP the marking will be EF. Now from the AP to the client it will be in one of the four queues depending on what type of traffic it is (WMM).

So if you take a look at this, you can't change what queue the traffic is placed on unless the client is WMM. Non WMM is placed in the default queue and this is strictly for RF. Now you don't have to trust this dscp markings if you don't want to. You can now police this and create a policy map to change the dscp value of a packet as it transverse the wired side. But when it comes back to the AP and has to be sent to the device, it will either put the traffic in one of four queues (WMM) or in the default Best Effort queue.

Sent from Cisco Technical Support iPhone App