Solved: Making a wireless VoWLAN only

Nikos Nicolaides · ‎08-21-2013

Hello,

I was wondering if there is a way to make WLAN available only for Voice; i.e. excluding all data traffic from the WLAN. Can i make an access list based on Jabber NBAR? Does any version of the WLC have this functionality?

My thought is since i will be designing the new wireless solution + BYOD (ISE), it would be good to put one SSID for VoWLAN. Is it feasible?

TIA,

Nicos Nicolaides

TIA, Nicos Nicolaides

Rasika Nayanajith · ‎08-22-2013

As others already stated, with BYOD + Jabber it is not convenient (from user point of view) to have different SSID purely for Voice, best would be having a single SSID with proper QoS.

If you still want to allow certain application on a given SSID you can use WLC 7.4.x onwards Application Visibility & Control (AVC) feature to do that. There are around 1k application signatures to detect (using NBAR2) whatever the application you want to allow/QoS mark/drop. Read below if you are interested on that option.

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bed910.shtml

Regards

Rasika

View solution in original post

Rasika Nayanajith · ‎08-26-2013

Hi Snyder,

I agree with you. If I look into detail this is how I see it

A. Upstream traffic (from wireless client)

1. Client -> AP (if client support WMM & correct classification then only any sort of QoS or prioratization)

2. AP -> WLC (In the current model, CAPWAP DSCP depend on WMM-UP value)

3. WLC -> Wired (AVC could change QoS & imposed beyond this point)

B. Downstream (to wireless client)

1. wired -> WLC ( wired QoS determine what value goes to WLC)

2. WLC -> AP ( if needed AVC could change QoS based on recongnised application )

3. AP -> Client (WLC can control - Convert to WMM-UP values as per 802.1p -802.11e mapping table)

When Implementing QoS end to end, few points to remember

A-1 : cannot control at all (from WLC or network perspective)

A-2 : In current unified deployment model cannot do much, but with Converged Access (3850) you can implment your normal wired QoS for the wireless packets as well. No CAPWAP beyond access switch.

A-3 : Trusting CoS is the only option if you have to enforce WLC QoS

For downstream direction , you can better control it as outlined & wireless QoS is primaraly focusing that.

So in my view there is no 100% correct solution here, you have to configure QoS to improve the services as much as you can within the capability of these deployment methods & technologies.

HTH

Rasika

View solution in original post

Leo Laohoo · ‎08-21-2013

Sure, EVERYONE has this setup: One SSID for corporate, one SSID for Voice and one SSID for guests.

Put them all in one AP Group and push it out to your APs.

Read the document below:

Cisco Unified Wireless IP Phone 7925G , 7925G -EX, and 7926G Deployment Guide

George Stefanick · ‎08-21-2013

While you can. You will see some folks going to a single WLAN for voice and data using radius / ISE to manage qos.

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

migilles · ‎08-21-2013

You will want to ensure that Cisco "hard" phones capable of voice and/or video are connected to an SSID with Platinum QoS profile; also helps to ensure proper QoS tagging.

If you have a TSPEC capable client (e.g. Cisco 792x phone) on a Silver QoS profile, that will definitely not work.

But sure, you can have BYOD devices (smartphones, tablets, PCs/Macs, etc.) connecting to a "data" VLAN or any VLAN where you can limit access as necessary.

We are getting away from the explicit voice vs data concept as you pointed out, but there are still some guidelines to abide by.

But "voice" and "data" is still referred to in order to differentiate between Cisco "hard" phones and other devices.

George Stefanick · ‎08-21-2013

Mike

Is there any Cisco best practice documents on a single WLAN design ?

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

migilles · ‎08-21-2013

Not any documents that I write.

There is the Mobility 7.3 Design Guide out, maybe can take a look at that.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob73dg/emob73.html

George Stefanick · ‎08-21-2013

LOL..

I thought you were working on the new voice enterprise guide, no ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Nikos Nicolaides · ‎08-23-2013

Thanks for the guide Rasika but one question: How do i give QoS to Jabber when i am going to put everything in the same SSID?

TIA,

Nicos Nicolaides

TIA, Nicos Nicolaides

Rasika Nayanajith · ‎08-26-2013

Hi Nicos,

As long as you can recognize (not sure for Jabber their is a signature, otherwise you have to classify any voice application into this category) that application then you can give DSCP= EF or CoS=5 for those traffic, even if client applicaion does not correctly classifying those.

Again you need to remember that these AVC happen at WLC, upto that point (from wireless client ->AP->WLC) you cannot do much with AVC. But when that traffic goes to your wired network they will have the correct QoS tags so traffic can be prioratised.

For other traffic in that SSID,since they won't get DSCP=EF or CoS=5 won't get the same prioratization as voice.

Read my comment below for Upstream & Downstream QoS implications.

HTH

Rasika

migilles · ‎09-18-2013

Below is in response to George's inquiry above.

FYI, the Real-time Traffic over WLAN (RToWLAN) SRND that a bunch of us have been working on should be posted within the next month or so.

Sent from Cisco Technical Support iPad App

Jacob Snyder · ‎09-18-2013

If you need someone to proof read it I'm always available.

Sent from Cisco Technical Support iPhone App

Rasika Nayanajith · ‎08-22-2013

As others already stated, with BYOD + Jabber it is not convenient (from user point of view) to have different SSID purely for Voice, best would be having a single SSID with proper QoS.

If you still want to allow certain application on a given SSID you can use WLC 7.4.x onwards Application Visibility & Control (AVC) feature to do that. There are around 1k application signatures to detect (using NBAR2) whatever the application you want to allow/QoS mark/drop. Read below if you are interested on that option.

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bed910.shtml

Regards

Rasika

Jacob Snyder · ‎08-25-2013

Interested in this as well.

The problem with AVC is that the remarking is done at the WLC and not the AP. Because if this, traffic from the wireless client is not prioritized and marked correctly upstream from the AP to the controller.

Sent from Cisco Technical Support iPhone App

Rasika Nayanajith · ‎08-26-2013

Hi Snyder,

I agree with you. If I look into detail this is how I see it

A. Upstream traffic (from wireless client)

1. Client -> AP (if client support WMM & correct classification then only any sort of QoS or prioratization)

2. AP -> WLC (In the current model, CAPWAP DSCP depend on WMM-UP value)

3. WLC -> Wired (AVC could change QoS & imposed beyond this point)

B. Downstream (to wireless client)

1. wired -> WLC ( wired QoS determine what value goes to WLC)

2. WLC -> AP ( if needed AVC could change QoS based on recongnised application )

3. AP -> Client (WLC can control - Convert to WMM-UP values as per 802.1p -802.11e mapping table)

When Implementing QoS end to end, few points to remember

A-1 : cannot control at all (from WLC or network perspective)

A-2 : In current unified deployment model cannot do much, but with Converged Access (3850) you can implment your normal wired QoS for the wireless packets as well. No CAPWAP beyond access switch.

A-3 : Trusting CoS is the only option if you have to enforce WLC QoS

For downstream direction , you can better control it as outlined & wireless QoS is primaraly focusing that.

So in my view there is no 100% correct solution here, you have to configure QoS to improve the services as much as you can within the capability of these deployment methods & technologies.

HTH

Rasika

Jacob Snyder · ‎08-26-2013

You are right in the fact that you suggest that there is no right answer. I wish that Media Snooping would allow the AP to remark voice traffic from SIP clients at the AP so they would preserve the appropriate markings.