QoS Configuration
The introduction of Cisco IOS® software on the WLC5760 controller brings a wide range of wired and wireless QoS support and capabilities:
Enabling QoS
Based on the Modular QoS CLI model, QoS is enabled by default on the WLC5760. Explicit marking of traffic is required in order to modify Class of Service (CoS) or Differentiated Services Code Point (DSCP) values for traffic from and to wired ports. Traffic from wireless to wireless ports or wireless to wired ports is considered untrusted. Although QoS is globally enabled, traffic that passes through an SSID must be marked or trusted specifically, or all QoS values (DSCP, CoS) will be set to default (0).
Managing QoS
QoS policies on the WLC5760 are provisioned in a couple of ways.
The configuration examples herein demonstrate attachment of policies via CLI. AAA configuration of policies is shown later in this specific section. The QoS policy name, not the actual QoS policy, is passed from the AAA server to the WLC5760 platform. Due to this fact, the QoS policy configuration must be local to the platform regardless of which method is used to manage QoS on the platform.
Marking Models
The WLC5760 supports several marking models:
- Per-Port Marking (wired)
- Per-Client Marking (wireless)
- Per-SSID Marking (wireless)
- Per-VLAN Marking (wired)
From a unified policy standpoint, the Per-Port and Per-Client marking policy can be synonymous but applied to a different target (wireless client, physical client port). Each model is discussed herein.
Per-Port or Per-Client Marking
Similar to the Catalyst 4500, the Per-Port or Per-Client marking model matches VoIP on UDP/RTP ports 16384-32767. The signaling traffic is matched on SCCP ports (TCP 2000-2002), as well as on SIP ports (TCP/UDP 5060-5061). Transactional data traffic is matched on various ports. Unlike the Catalyst 3750-E examples, no explicit default class is required, because the implicit class default performs policy actions (such as marking or policing) on the WLC3850/5760.
permit udp any any range 16384 32767
ip access-list extended SIGNALING
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended TRANSACTIONAL-DATA
match access-group name SIGNALING
class-map match-all TRANSACTIONAL-DATA
match access-group name TRANSACTIONAL-DATA
!Per-Port or Per-Client Ingress Marking Policy-map Configuration
!Policy attachment to interfaces
!Wireless Clients associating to WLAN OPEN
ip dhcp server 10.17.1.9 load-balance
no security wpa wpa2 ciphers aes
Policing Models
Several policing models are available on the WLC5760.
Policing can be applied in a number of ways, including hierarchically, as the client-based policies below show. There, a policer is used bi-directionally to police a client's traffic as an aggregate, as well as specific traffic classes associated with the client, such as voice.
Here is an example of FLAT Per-Port or Per-Client Policing configuration:
permit udp any any range 16384 32767
ip access-list extended SIGNALING
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended TRANSACTIONAL-DATA
match access-group name SIGNALING
class-map match-all TRANSACTIONAL-DATA
match access-group name TRANSACTIONAL-DATA
!Per-Port or Per-Client Ingress Policing Policy-map Configuration
police 128000 conform-action transmit exceed-action drop
police 32000 conform-action transmit exceed-action drop
!Policy attachment to interfaces
!Wireless Clients associating to WLAN OPEN Policed bi-directionally
no security wpa wpa2 ciphers aes
service-policy client input PER-PORT-POLICING
service-policy client output PER-PORT-POLICING
Here is an example of Hierarchical Per-Client Policing configuration:
!Wireless Client Policy-map Client Aggregate policed to 2Mbps, Voice as a subset to 128k, signaling 32k
police 2000000 conform-action transmit exceed-action drop
service-policy PER-PORT-POLICING
police 128000 conform-action transmit exceed-action drop
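The hierarchical policy above, modelled as an added example (not Cisco's code and not the platform's implementation): a simplified token-bucket simulation of the 2 Mbps client aggregate with the 128k and 32k class policers nested under it. The 3000-byte burst, the VOIP class name, the constructed traffic streams, and the rule that tokens are consumed only when both levels conform are assumptions.

```python
# Added example: simplified model of the hierarchical per-client policer.
# Assumptions (not from the page): 3000-byte burst, "VOIP" class name,
# tokens are consumed only when both policer levels conform.

class Policer:
    """Single-rate, two-colour policer: conform -> transmit, exceed -> drop."""
    def __init__(self, rate_bps, burst_bytes=3000):
        self.rate_bps, self.burst = rate_bps, burst_bytes
        self.tokens, self.last_ms = burst_bytes, 0

    def refill(self, now_ms):
        # Integer maths; exact for rates that are multiples of 8000 bps.
        earned = (now_ms - self.last_ms) * self.rate_bps // 8000
        self.tokens = min(self.burst, self.tokens + earned)
        self.last_ms = now_ms

def stream(cls, size, interval_ms, duration_ms):
    """Constructed constant-rate traffic as (time_ms, class, size_bytes)."""
    return [(t, cls, size) for t in range(0, duration_ms, interval_ms)]

def police(packets, aggregate_bps=2000000, class_bps=None):
    """Return bytes transmitted per class after both policer levels."""
    class_bps = class_bps or {"VOIP": 128000, "SIGNALING": 32000}
    parent = Policer(aggregate_bps)
    children = {c: Policer(r) for c, r in class_bps.items()}
    sent = {}
    for now, cls, size in sorted(packets):
        parent.refill(now)
        child = children.get(cls)      # other classes: aggregate only
        if child:
            child.refill(now)
        if parent.tokens >= size and (child is None or child.tokens >= size):
            parent.tokens -= size
            if child:
                child.tokens -= size
            sent[cls] = sent.get(cls, 0) + size
    return sent

if __name__ == "__main__":
    # 320 kbps of voice alone for 10 s: held near 128 kbps, aggregate idle.
    print(police(stream("VOIP", 200, 5, 10000)))
    # 4 Mbps of unclassified data alone for 10 s: held near 2 Mbps.
    print(police(stream("DATA", 1000, 2, 10000)))
```

Voice above 128 kbps is dropped even when the client aggregate has headroom, and traffic that matches no class policer is still bounded by the 2 Mbps aggregate.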
Wireless Queuing
Wireless queuing provides a queuing policy by default. This policy is shown in the output of the show run command and contains a static traffic class, which cannot be modified. This class is attached to multicast non-real-time traffic associated with the wireless port only. In order to enable the additional queues on egress of the wireless port, the static policy-map port_child_policy must be modified to include the three additional classes. Priority queuing is supported for two of the queues, while class-default makes up the rest of the queue.
Here is an example of egress wireless queuing policy:
police 6400000 conform-action transmit exceed-action drop
police 19200000 conform-action transmit exceed-action drop
In this example, the policy polices the priority queues RT1 and RT2, as an aggregate, to the policed rate shown. The policy also provides the additional non-real-time classes with bandwidth through the bandwidth remaining ratio command. This ratio of available bandwidth is provided to the non-client-nrt (or multicast and non-client non-real-time traffic queue) and class-default queues.
Wireless MultiMedia Configuration
Wireless MultiMedia (WMM) separates traffic types into four QoS access categories: background, best effort, video, and voice.
(config) wlan <your WLAN name>
(config-wlan) shutdown
(config-wlan) radio all (to enable this WLAN configuration on both AP radios and all Wi-Fi protocols)
(config-wlan) no security <your Current security setting>
WMM configuration options include:
- WMM Required - only WMM enabled clients can join the WLAN
- WMM Optional - both non-WMM clients and WMM enabled clients can join the WLAN
– WMM enabled clients transmit all packets with WMM QoS header.
– Non-WMM clients transmit no packets with WMM QoS header.
Note: Non-WMM clients cannot receive packets from the AP that have a WMM QoS header.
– All packets from and to non-WMM clients are sent with best effort Wi-Fi channel access.
Configure ISE in order to Authenticate and Push QoS Policies
Complete these steps to authenticate and push QoS policies.
1. Specify a condition where the expression is of NAS-Port-Type Virtual.
2. Create authentication parameters.
3. Authorization - Define result and use same condition.
5. Choose Cisco-AV-Pair at bottom shown in Step 6.
6. Modify Advanced Attribute Settings with the Cisco av-pair name, ip:sub-qos-policy-in or ip:sub-qos-policy-out, plus the name of the QoS policy local to the WLC3850/5760. When clients are associated and authenticated, the policy name is pushed to the WLC3850/5760.
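Because only the policy name travels from the AAA server and the policy itself must exist on the controller, the av-pairs defined in ISE are worth checking against the controller configuration. The following is an added example, not Cisco's code: it flags pairs whose attribute name is misspelled or whose policy name has no local policy-map. The sample configuration, the sample pairs, and the PER-CLIENT-GOLD name are constructed for illustration.

```python
import re

# AV-pair attribute names as given in the ISE steps on this page.
QOS_ATTRS = {"ip:sub-qos-policy-in", "ip:sub-qos-policy-out"}

def local_policy_maps(running_config):
    """Names of the policy-maps defined in the controller configuration."""
    return set(re.findall(r"^policy-map[ \t]+(\S+)[ \t]*$", running_config, re.M))

def check_av_pairs(av_pairs, running_config):
    """Return (av_pair, problem) for each QoS pair that cannot be mapped to a
    locally configured policy. Policy names are compared case-sensitively."""
    defined = local_policy_maps(running_config)
    findings = []
    for pair in av_pairs:
        attr, sep, name = pair.strip().partition("=")
        if attr in QOS_ATTRS:
            if not sep or not name:
                findings.append((pair, "missing policy name"))
            elif name not in defined:
                findings.append((pair, "policy-map not defined locally"))
        elif attr.startswith("ip:sub-qos-"):
            findings.append((pair, "unknown QoS attribute name"))
        # Any other AV pair is unrelated to QoS and is ignored.
    return findings

# Constructed sample data (not from a real controller or ISE deployment).
SAMPLE_CONFIG = """\
policy-map PER-PORT-POLICING
 class SIGNALING
  police 32000 conform-action transmit exceed-action drop
"""
SAMPLE_PAIRS = [
    "ip:sub-qos-policy-in=PER-PORT-POLICING",
    "ip:sub-qos-policy-out=PER-CLIENT-GOLD",      # hypothetical, not local
    "ip:sub-qos-polify-out=PER-PORT-POLICING",    # misspelled attribute
]

if __name__ == "__main__":
    for pair, problem in check_av_pairs(SAMPLE_PAIRS, SAMPLE_CONFIG):
        print(f"{pair}: {problem}")
```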
Cisco IOS® Tool Command Language Scripting
With the introduction of the Cisco IOS® software on the WLC5760 controller, users can now implement the Tool Command Language (TCL) scripting feature on the controller.