09-13-2021 01:34 AM
Hi,
Having some problems getting the correct CAPWAP-header DSCP-markings for Teams-traffic in the upstream direction. I see that the clients are WMM-enabled, and that the DSCP-value in the original header is correct. However, this value is not transferred to the outer CAPWAP-header.
I have enabled the trust DSCP upstream, and the platinum-profile has the following:
I'm not quite sure here if Teams sets the UP, or if they just set the DSCP-value. If they don't, I guess the "Unicast default priority" just marks the CAPWAP as default even if the original value is EF/AF41? And I haven't quite understood if the QoS-map should be enabled if the Trust DSCP upstream is enabled? Based on this talk from Jerome Henry it should:
https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2017/pdf/BRKEWN-2000.pdf
09-13-2021 09:31 PM
You have to enable that QoS map first. Then it will work.
HTH
Rasika
*** Pls rate all useful responses ***
09-13-2021 11:23 PM
Hello,
Enabled last night, but still, traffic coming from the client is marked correctly in the inner header, but the outer CAPWAP header on the first-hop router is seen as CS0/default.
show qos qosmap
Status: Enabled
Downstream:
dscp-to-up-map:
Start DSCP End DSCP Up
0 7 0
8 15 1
16 23 2
24 31 3
32 39 4
40 47 5
48 55 6
56 63 7
Exception List:
DSCP UP
0 0
2 1
4 1
6 1
10 2
12 2
14 2
18 3
20 3
22 3
26 4
34 5
46 6
48 7
56 7
Trust DSCP Upstream: Enabled
Layout:
Client -> AP18328 -> Cat 9300 -> ISR4300. No qos config/implicit trust on the 9300, 4300 doesn't do any ingress marking (I do the monitor capture ingress on the ap-mgmt subinterface of the router).
09-13-2021 11:41 PM
Pls share WLAN QoS tab configuration. I hope you set it to Platinum
Rasika
09-13-2021 11:43 PM
This is the config for the SSID that carries the Teams-traffic.
09-13-2021 11:48 PM
Do you implement any remarking policies? I can see there is an AVC policy, what does it do?
Rasika
09-13-2021 11:50 PM
Oh, sorry. No, the rl-ms-services only ratelimits ms-services and updates to not overwhelm our wan. No remarking done in avc.
09-14-2021 01:27 AM - edited 09-14-2021 01:38 AM
I have tested in my home environment with the following setup. I am running the 8.5.171.0 software version on my WLC. I joined a Webex call from iPad to generate EF & AF41 traffic.
iPad <> C3702 <> C3560 <>C1941 <> C3560 <> WLC2504
I can confirm outer capwap DSCP is exactly the same as the inner packet DSCP (see attached capture-iPad-Webex-2504-3702.zip). I took packet capture on AP connected switchport.
Here is a suggestion if you can do that.
1. Create a test SSID with PSK
2. Enable Fastlane on that SSID (that will make all backend configurations as per Cisco recommendation)
3. Test your client with MS team
4. Test iPhone or iPad with Webex
5. Compare the result in numbers 4 & 5 scenarios.
HTH
Rasika
*** Pls rate all helpful responses ***
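A check for the comparison discussed in this thread, added here as an example (not code from any poster or from Cisco): it reads the outer DSCP, the WMM UP and the inner DSCP from one CAPWAP data packet. It assumes the RFC 5415/5416 layout, unencrypted and unfragmented CAPWAP data on UDP 5247, and an inner 802.11 data frame carrying SNAP/IPv4; `capwap_qos` and `build_sample` are names made up for this example, and the sample packet is constructed.

```python
import struct

CAPWAP_DATA_PORT = 5247  # CAPWAP data channel (RFC 5415)
SNAP_IPV4 = b"\xaa\xaa\x03\x00\x00\x00\x08\x00"  # LLC/SNAP header, EtherType IPv4

def capwap_qos(pkt: bytes):
    """Return (outer_dscp, wmm_up, inner_dscp); pkt starts at the outer IPv4 header."""
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("outer packet is not IPv4/UDP")
    outer_dscp = pkt[1] >> 2                    # DSCP = top 6 bits of the ToS byte
    udp = (pkt[0] & 0x0F) * 4                   # outer IP header length
    if CAPWAP_DATA_PORT not in struct.unpack_from("!HH", pkt, udp):
        raise ValueError("not CAPWAP data (UDP 5247)")
    cw = udp + 8
    if pkt[cw] & 0x0F:                          # preamble type 1 = DTLS
        raise ValueError("DTLS-protected CAPWAP data")
    if not pkt[cw + 2] & 0x01 or pkt[cw + 3] & 0x80:
        raise ValueError("payload is not an unfragmented 802.11 frame")
    dot11 = cw + (pkt[cw + 1] >> 3) * 4         # HLEN counts 4-byte words
    fc0, fc1 = pkt[dot11], pkt[dot11 + 1]
    if (fc0 >> 2) & 0x03 != 2:
        raise ValueError("not an 802.11 data frame")
    hdr = 30 if fc1 & 0x03 == 0x03 else 24      # 4-address frames carry Address 4
    up = None                                   # stays None for non-QoS frames
    if fc0 & 0x80:                              # QoS data subtype
        up = pkt[dot11 + hdr] & 0x07            # UP = low 3 bits of QoS Control
        hdr += 6 if fc1 & 0x80 else 2           # +4 for HT Control when Order is set
    llc = dot11 + hdr
    if pkt[llc:llc + 8] != SNAP_IPV4:
        raise ValueError("inner payload is not SNAP/IPv4")
    return outer_dscp, up, pkt[llc + 9] >> 2

def build_sample(outer_dscp: int, up: int, inner_dscp: int) -> bytes:
    """Constructed CAPWAP data packet for the demo (not from the thread's capture)."""
    inner_ip = bytes([0x45, inner_dscp << 2]) + bytes(18)
    dot11 = bytes([0x88, 0x01]) + bytes(22) + bytes([up, 0])   # QoS Data, ToDS
    capwap = bytes([0x00, 0x10, 0x03, 0x00]) + bytes(4)        # HLEN=2, WBID=1, T=1
    payload = capwap + dot11 + SNAP_IPV4 + inner_ip
    udp = struct.pack("!HHHH", CAPWAP_DATA_PORT, CAPWAP_DATA_PORT, 8 + len(payload), 0)
    outer_ip = bytes([0x45, outer_dscp << 2]) + bytes(7) + bytes([17]) + bytes(10)
    return outer_ip + udp + payload

if __name__ == "__main__":
    # The symptom reported in the thread: inner EF (46), outer CS0 (0).
    outer, up, inner = capwap_qos(build_sample(0, 6, 46))
    print(f"outer DSCP {outer}, WMM UP {up}, inner DSCP {inner}",
          "MISMATCH" if outer != inner else "match")
```

Wireshark's CAPWAP dissector has a "Swap Frame Control" preference for captures where the two 802.11 frame control bytes arrive in reversed order; this example does not handle that case.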
09-14-2021 01:39 AM
Thanks! I will try enabling Fastlane tonight. I am running an older engineering release (bugfix), might be something there. Maybe I should upgrade in case Fastlane doesn't solve this problem.
09-14-2021 01:55 AM - edited 09-14-2021 02:00 AM
As suggested, I prefer if you can test it with a new SSID rather than making changes to the production SSID.
Keep note of a few things.
1. Once you apply Fastlane it will create an AutoQoS-AVC-Profile and apply it to your SSID; if you need, you can remove it under SSID (in my case I have removed that AVC policy).
2. In the AireOS AVC profile, you can have max 32 rules, and AutoQoS-AVC-Profile rules are like below.
3. In the latest AireOS WLC version, a class-default will be the 32nd rule, which means all other traffic not classified by this policy will get CS0 in the outer capwap (if AVC policy is applied to SSID).
4. In AireOS, these AVC policies do not change the inner DSCP values, hence it only impacts CAPWAP traffic between AP & WLC. When WLC sends the inner packets to the wired side, you will see the original DSCP value set by wifi clients.
5. Here is the AVC profile created in 8.5.x when you enable Fastlane. (you may see slightly different profile created based on your code version)
Pls test & let me know what you find.
HTH
Rasika
*** Pls rate all helpful responses ***
09-14-2021 01:58 AM
Yea, test-ssid first. However, is there any reason a non-fastlane ssid would not honor/trust the client up/dscp-values if trust upstream is set? Would anything in AireOS override this?
09-14-2021 02:08 AM
I cannot think of any reason for such behavior, let's test and see what you can find.
1. First test without Fastlane (just enable QoS map & Trust Upstream DSCP)
2. Test with Fastlane on SSID
HTH
Rasika
09-19-2021 11:13 PM
So I enabled fastlane, but same result, outer header (capwap), is still DSCP DS0. TAC-time I guess.
09-20-2021 12:13 AM
Hi
If you tested with Fastlane enabled on SSID and you cannot see outer capwap is the same as inner DSCP value, then I would suggest checking with TAC.
Pls keep us updated as I am interested to see it.
Not many people are testing these to the level that you go (frame level).
HTH
Rasika