Hello,

Enabled last night, but still, traffic coming from the client is marked correctly in the inner header, but the outer CAPWAP header on the first-hop router is seen as CS0/default.

show qos qosmap
Status: Enabled
Downstream:
dscp-to-up-map:
Start DSCP End DSCP Up
0 7 0
8 15 1
16 23 2
24 31 3
32 39 4
40 47 5
48 55 6
56 63 7

Exception List:
DSCP UP
0 0
2 1
4 1
6 1
10 2
12 214 2
18 3
20 3
22 3
26 4
34 5
46 6
48 7
56 7

Trust DSCP Upstream: Enabled

Layout:

Client -> AP18328 -> Cat 9300 -> ISR4300. No qos config/implicit trust on the 9300, 4300 doesnt do any ingress marking (i do the monitor capture ingress on the ap-mgmt subinterface of the router).

Pls share WLAN QoS tab configuration. I hope you set it to Platinum

Rasika

This is the config for the SSID that carries the Teams-traffic.

Do you implement any remarking policies ? I can see there is an AVC policy, what does it do?

Rasika

Oh, sorry. No, the rl-ms-services only ratelimits ms-services and updates to not overwhelm our wan. No remarking done in avc. 

I have tested in my home environment with the following setup. I am running the 8.5.171.0 software version on my WLC. I joined a Webex call from iPad to generate EF & AF41 traffic.

iPad <> C3702 <> C3560 <>C1941 <> C3560 <> WLC2504

I can confirm outer capwap DSCP is exactly the same as the inner packet DSCP (see attached capture-iPad-Webex-2504-3702.zip). I took packet capture on AP connected switchport.

Here is a suggestion if you can do that.

1. Create a test SSID with PSK

2. Enable Fastlane on that SSID (that will make all backend configurations as per Cisco recommendation)

3. Test your client with MS team

4. Test iPhone or iPad with Webex

5. Compare the result in numbers 4 & 5 scenarios.

HTH

Rasika

*** Pls rate all helpful responses ***

Thanks! I will try enabling Fastlane tonight. I am running an older engineering release (bugfix), might be something there. Maybe i should upgrade in case Fastlane doesnt solve this problem

As suggested, I prefer if you can test it with a new SSID rather than making changes to the production SSID.

keep note few things.

1. Once you apply Fastlane it will create an AutoQoS-AVC-Profile and apply onto your SSID, if you need you can remove it under SSID (in my case I have removed that AVC policy).

2. In the AireOS AVC profile,you can have max 32 rules, and AutoQoS-AVC-Profile rules are like below.

3. Latest AireOS WLC version, there is a class-default will be the 32nd rule, which means all other traffic, not classified by this policy will get CS0 in the outer capwap (if AVC policy is applied to SSID). 

4. In AireOS, these AVC policies do not change the inner DSCP values, hence it only impacts CAPWAP traffic between AP & WLC. When WLC sends the inner packest to the wired side, you will see the original DSCP value set by wifi clients.

5. Here is the AVC profile created in 8.5.x when you enable Fastlane. (you may see slightly different profile created based on your code version)

,. 

Pls test & let me know what you find.

HTH

Rasika

*** Pls rate all helpful responses ***

Yea, test-ssid first. However, is there any reason a non-fastlane ssid would not honor/trust the client up/dscp-values if trust upstream is set? Would anything in Aireos override this?

I cannot think of any reason for such behavior, let's test and see what you can find.

1. First test without Fastlane (just enable QoS map & Trust Upstream DSCP)

2. Test with Fastlane on SSID

HTH

Rasika

So i enabled fastlane, but same result, outer header (capwap), is still DSCP DS0. TAC-time i guess.

Hi 

If you tested with Fastlane enabled on SSID and you cannot see outer capwap is the same as inner DSCP value, then I would suggest checking with TAC

Pls keep us updated as I am interested to see it. 

Not many people testing these to the level that you go (frame level)

HTH

Rasika