Quality of Service

Wireless QoS Overview

Quality of Service (QoS), provides the ability to prioritize the traffic by giving preferential treatment to specific traffic over the other traffic types. Without QoS, the device offers best-effort service for each packet, regardless of the packet contents or size. The device sends the packets without any assurance of reliability, delay bounds, or throughput.

A target is the entity where the policy is applied. Wireless QoS policies for SSID and client are applied in the upstream and (or) downstream direction. The flow of traffic from a wired source to a wireless target is known as downstream traffic. The flow of traffic from a wireless source to a wired target is known as upstream traffic.

The following are some of the specific features provided by wireless QoS:

  • SSID and client policies on wireless QoS targets

  • Marking and Policing (also known as Rate Limiting ) of wireless traffic

  • Mobility support for QoS

Wireless QoS Targets

This section describes the various wireless QoS targets available on a device.

SSID Policies

You can create QoS policies on SSID in both the ingress and egress directions. If not configured, there is no SSID policy applied.

The policy is applicable per AP per SSID.

You can configure policing and marking policies on SSID.

Client Policies

Client policies are applicable in the ingress and egress direction. You can configure policing and marking policies on clients. AAA override is also supported.

Supported QoS Features on Wireless Targets

This table describes the various features available on wireless targets.

Table 1. QoS Features Available on Wireless Targets
Target Features Direction Where Policies Are Applicable
SSID
  • Set

  • Police

  • Drop

Upstream and downstream
Client
  • Set

  • Police

  • Drop

Upstream and downstream

This table describes the various features available on wireless targets.

Table 2. QoS Policy Actions

Policy Action Types

Wireless Target Support

Local Mode

Flex Mode

Police

Supported

Supported

Set

Supported

Supported

This table describes the various features available on wireless targets.

Table 3. QoS Policy Set Actions

Set Action Types

Supported

Local Mode

Flex Mode

set dscp

Supported

Supported

set qos-group

Supported

Not Supported

set wlan user-priority (downstream only)

Supported (BSSID only)

Supported (BSSID only)

Wireless QoS Mobility

Wireless QoS mobility enables you to configure QoS policies so that the network provides the same service anywhere in the network. A wireless client can roam from one location to another and as a result the client can get associated to different access points associated with a different device. Wireless client roaming can be classified into two types:

  • Intra-device roaming

  • Inter-device roaming


Note


In a foreign WLC, client statistics are not displayed.

Note


The client policies must be available on all of the devices in the mobility group. The same SSID policy must be applied to all devices in the mobility group so that the clients get consistent treatment.

Precious Metal Policies for Wireless QoS

The precious metal policies are system-defined policies that are available on the controller . They cannot be removed or changed.

The following policies are available:

  • Platinum—Used for VoIP clients.

  • Gold—Used for video clients.

  • Silver— Used for traffic that can be considered best-effort.

  • Bronze—Used for NRT traffic.

These policies are pre-configured. They cannot be modified.

For client metal policies, they can be pushed using AAA.

Based on the policies applied, the 802.11e (WMM), and DSCP fields in the packets are affected.

For more information about metal policies format see the Metal Policy Format section.

For more information about DSCP to UP mapping, see the table.


Note


APs in the FlexConnect local switching mode do not apply the QoS metal policy ceilings for upstream traffic. The ceiling limit will only be implemented at the controller's exit point. Therefore, the DSCP value remains unaffected by the AP when a metal QoS policy is applied to the policy profile.


Prerequisites for Wireless QoS

Before configuring wireless QoS, you must have a thorough understanding of these items:
  • Wireless concepts and network topologies.

  • Understanding of QoS implementation.

  • Modular QoS CLI (MQC). For more information on Modular QoS, see the MQC guide

  • The types of applications used and the traffic patterns on your network.

  • Bandwidth requirements and speed of the network.

Restrictions for QoS on Wireless Targets

General Restrictions

A target is an entity where a policy is applied. A policy can be applied to a wireless target, which can be an SSID or client target, in the downstream and/or upstream direction. Downstream indicates that traffic is flowing from the controller to the wireless client. Upstream indicates that traffic is flowing from wireless client to the controller.

  • Hierarchical (Parent policy and child policy) QoS is not supported.

  • SSID and client targets can be configured only with marking and policing policies.

  • One policy per target per direction is supported.

  • Class maps in a policy map can have different types of filters. However, only one marking action (set dscp) is supported.

  • Only one set action per class is supported.

  • Access group matching is not supported.

  • Access group (ACL) matching is not supported by access points in flex mode for local switching traffic.

  • SIP Call Admission Control (CAC) is not supported on the central switching mode.

  • From Cisco IOS XE Amsterdam 17.3.1 onwards, SIP Call Admission Control (CAC) is not supported.

  • Applying QoS on the WMI interface is not supported, as it may reboot the controller.

AP Side Restrictions

  • In Cisco Embedded Wireless Controller, FlexConnect local switching, and SDA deployments, the QoS policies are enforced on the AP. Due to this AP-side restriction, police actions (e.g., rate limiting) are only enforced at a per flow (5-tuple) level and not per client.

  • For FlexConnect local switching (local authentication) with AAA override enabled and external AAA server, only air space VLAN and ACL are supported as part of the AAA override and not the QoS override or other overrides.

Control Plane Rate Limiting and Policing

You need not explicitly configure control plane rate limiting or policing on the controller. The controller has embedded mechanisms (like policers) to protect the CPU by policing control plane traffic directed towards it. If you're migrating from AireOS to IOS-XE, this change is taken care of at the code level.

Metal Policy Format

Metal Policy Format

Metal Policies are system defined, and you cannot change it or delete it. There are four levels of metal policy - Platinum, Gold, Silver, and Bronze.


Note


Each metal policy defines a DSCP ceiling so that the DSCP or the UP marking does not exceed a certain value.

For Platinum the value is 46, Gold is AF41, Silver is 22, and Bronze is CS1.


Policy Name

Policy-map Format

Class-map Format

platinum
policy-map platinum              
 class cm-dscp-34                
  set dscp af41                   
 class cm-dscp-45                
  set dscp 45                    
 class cm-dscp-46                
  set dscp ef                    
 class cm-dscp-47                
  set dscp 47
class-map match-any cm-dscp-34   
 match dscp af41
class-map match-any cm-dscp-45   
 match dscp 45
class-map match-any cm-dscp-46   
 match dscp ef 
class-map match-any cm-dscp-47   
 match dscp 47 
class-map match-any cm-dscp-0    
 match dscp default 
gold
policy-map gold                  
 class cm-dscp-45                
  set dscp af41                  
 class cm-dscp-46                
  set dscp af41                  
 class cm-dscp-47                
          set dscp af41
silver
policy-map silver                
 class cm-dscp-34                
  set dscp default               
 class cm-dscp-45                
  set dscp default               
 class cm-dscp-46                
  set dscp default               
 class cm-dscp-47                
  set dscp default  
bronze
policy-map bronze                
 class cm-dscp-0                 
  set dscp cs1                   
 class cm-dscp-34                
  set dscp cs1                   
 class cm-dscp-45                
  set dscp cs1                   
 class cm-dscp-46                
  set dscp cs1                   
 class cm-dscp-47                
  set dscp cs1

Policy Name

Policy-map Format

Class-map Format

platinum-up
policy-map platinum-up           
 class cm-dscp-set1-for-up-4     
  set dscp af41                  
 class cm-dscp-set2-for-up-4     
  set dscp af41                  
 class cm-dscp-for-up-5          
  set dscp af41                  
 class cm-dscp-for-up-6          
  set dscp ef                    
 class cm-dscp-for-up-7          
  set dscp ef         
class-map match-any cm-dscp-for-up-0
  match dscp default
  match dscp cs2
class-map match-any cm-dscp-for-up-1
  match dscp cs1
class-map match-any cm-dscp-set1-for-up-4
  match dscp cs3
  match dscp af31
  match dscp af32
  match dscp af33
  
class-map match-any cm-dscp-set2-for-up-4 
  match dscp af41
  match dscp af42 
  match dscp af43 
  
class-map match-any cm-dscp-for-up-5
  match dscp cs4
  match dscp cs5
class-map match-any cm-dscp-for-up-6
  match dscp 44
  match dscp ef
class-map match-any cm-dscp-for-up-7
  match dscp cs6
  match dscp cs7
gold-up
policy-map gold-up               
 class cm-dscp-for-up-6          
  set dscp af41                  
 class cm-dscp-for-up-7          
  set dscp af41  
silver-up
policy-map silver-up             
 class cm-dscp-set1-for-up-4     
  set dscp default               
 class cm-dscp-set2-for-up-4     
  set dscp default               
 class cm-dscp-for-up-5          
  set dscp default               
 class cm-dscp-for-up-6          
  set dscp default               
 class cm-dscp-for-up-7          
  set dscp default     
bronze-up
policy-map bronze-up             
 class cm-dscp-for-up-0          
  set dscp cs1                   
 class cm-dscp-for-up-1          
  set dscp cs1                   
 class cm-dscp-set1-for-up-4     
  set dscp cs1                   
 class cm-dscp-set2-for-up-4     
  set dscp cs1                   
 class cm-dscp-for-up-5          
  set dscp cs1                    
 class cm-dscp-for-up-6          
  set dscp cs1                   
 class cm-dscp-for-up-7          
  set dscp cs1     

Policy Name

Policy-map Format

Class-map Format

clwmm-platinum
policy-map clwmm-platinum        
 class voice-plat                
  set dscp ef                    
 class video-plat                
  set dscp af41                  
 class class-default             
  set dscp default
class-map match-any voice-plat
   match dscp ef
class-map match-any video-plat
  match dscp af41
class-map match-any voice-gold
  match dscp ef
class-map match-any video-gold
  match dscp af41
clwmm-gold
policy-map clwmm-gold             
 class voice-gold                
  set dscp af41                  
 class video-gold                
  set dscp af41                  
 class class-default             
  set dscp default 
clnon-wmm-platinum
policy-map clnon-wmm-platinum    
 class class-default             
  set dscp ef 
clnon-wmm-gold
policy-map clnon-wmm-gold        
 class class-default             
  set dscp af41
clsilver
policy-map clsilver               
 class class-default             
  set dscp default  
clbronze
policy-map clbronze              
 class class-default             
  set dscp cs1 

Auto QoS Policy Format

Policy Name

Policy-map Format

Class-map Format

enterprise-avc
policy-map AutoQos-4.0-wlan-ET-SSID-Input-AVC-Policy
 class AutoQos-4.0-wlan-Voip-Data-Class
  set dscp ef
 class AutoQos-4.0-wlan-Voip-Signal-Class
  set dscp cs3
 class AutoQos-4.0-wlan-Multimedia-Conf-Class
  set dscp af41
 class AutoQos-4.0-wlan-Transaction-Class
  set dscp af21
 class AutoQos-4.0-wlan-Bulk-Data-Class
  set dscp af11
 class AutoQos-4.0-wlan-Scavanger-Class
  set dscp cs1
 class class-default
  set dscp default
policy-map AutoQos-4.0-wlan-ET-SSID-Output-Policy
class AutoQos-4.0-RT1-Class
set dscp ef
class AutoQos-4.0-RT2-Class
set dscp af31
class class-default
class-map match-any AutoQos-4.0-wlan-Voip-Data-Class
  match dscp ef
class-map match-any AutoQos-4.0-wlan-Voip-Signal-Class
 match protocol skinny
 match protocol cisco-jabber-control
 match protocol sip
 match protocol sip-tls
class-map match-any AutoQos-4.0-wlan-Multimedia-Conf-Class
 match protocol cisco-phone-video
 match protocol cisco-jabber-video
 match protocol ms-lync-video
 match protocol webex-media 
class-map match-any AutoQos-4.0-wlan-Transaction-Class
 match protocol cisco-jabber-im
 match protocol ms-office-web-apps
 match protocol salesforce
 match protocol sap 
class-map match-any AutoQos-4.0-wlan-Bulk-Data-Class
 match protocol ftp
 match protocol ftp-data
 match protocol ftps-data
 match protocol cifs
class-map match-any AutoQos-4.0-wlan-Scavanger-Class
 match protocol netflix
 match protocol youtube
 match protocol skype
 match protocol bittorrent
class-map match-any AutoQos-4.0-RT1-Class
match dscp ef
match dscp cs6
class-map match-any AutoQos-4.0-RT2-Class
match dscp cs4
match dscp cs3
match dscp af41
voice
policy-map platinum-up
class dscp-for-up-4
set dscp 34
class dscp-for-up-5
set dscp 34
class dscp-for-up-6
set dscp 46
class dscp-for-up-7
set dscp 46
policy-map platinum
class cm-dscp-34
set dscp 34
class cm-dscp-46
set dscp 46
guest
Policy Map AutoQos-4.0-wlan-GT-SSID-Output-Policy
Class class-default
set dscp default  
Policy Map AutoQos-4.0-wlan-GT-SSID-Input-Policy
Class class-default
set dscp default
port

(only applies to Local Mode)

policy-map AutoQos-4.0-wlan-Port-Output-Policy
 class AutoQos-4.0-Output-CAPWAP-C-Class
  priority level 1
 class AutoQos-4.0-Output-Voice-Class
  priority level 2
 class class-default
ip access-list extended AutoQos-4.0-Output-Acl-CAPWAP-C
 permit udp any eq 5246 16666 any
class-map match-any AutoQos-4.0-Output-CAPWAP-C-Class
 match access-group name AutoQos-4.0-Output-Acl-CAPWAP-C
class-map match-any AutoQos-4.0-Output-Voice-Class
 match dscp ef

Architecture for Voice, Video and Integrated Data (AVVID)

IETF DiffServ Service Class

DSCP

IEEE 802.11e

User Priority Access Category

Network Control

(CS7)

CS6

0

AC_BE

Telephony

EF

6

AC_VO

VOICE-ADMIT

44

6

AC_VO

Signaling

CS5

5

AC_VI

Multimedia Conferencing

AF41

AF42

AF43

4

AC_VI

Real-Time Interactive

CS4

5

AC_VI

Multimedia Streaming

AF31

AF32

AF33

4

AC_VI

Broadcast Video

CS3

4

AC_VI

Low-Latency Data

AF21

AF22

AF23

3

AC_BE

OAM

CS2

0

AC_BE

High-Throughput Data

AF11

AF12

AF13

2

AC_BK

Standard

DF

0

AC_BE

Low-Priority Data

CS1

1

AC_BK

Remaining

Remaining

0

How to apply Bi-Directional Rate Limiting

Information about Bi-Directional Rate Limiting

Bi-Directional Rate Limiting (BDRL) feature defines rate limits on both upstream and downstream traffic. These rate limits are individually configured. The rate limits can be configured on WLAN directly instead of QoS profiles, which will override QoS profile values. The WLAN rate limiting will always supersede Global QoS setting for controller and clients.

BDRL feature defines throughput limits for clients on their wireless networks and allows setting a priority service to a particular set of clients.

The following four QoS profiles are available to configure the rate limits:

  • Gold

  • Platinum

  • Silver

  • Bronze

The QoS profile is applied to all clients on the associated SSID. Therefore all clients connected to the same SSID will have the same rate limits.

To configure BDRL, select the QoS profile and configure the various rate limiting parameters. When rate limiting parameters are set to 0, the rate limiting feature is not functional. Each WLAN has a QoS profile associated with it in addition to the configuration in the QoS profile.


Note


BDRL in a mobility Anchor-Foreign setup must be configured both on Anchor and Foreign controller. As a best practice, it is recommended to perform identical configuration on both the controllers to avoid breakage of any feature.

BDRL is supported on Guest anchor scenarios. The feature is supported on IRCM guest scenarios with AireOS as Guest anchor or Guest Foreign. Cisco Catalyst 9800 Series Wireless Controller uses Policing option to rate limit the traffic.


To apply metal policy with BDRL, perform the following tasks:

  • Configure Metal Policy on SSID

  • Configure Metal Policy on Client

Prerequisites for Bi-Directional Rate Limiting

  • Client metal policy is applied through AAA-override.

  • You must specify the metal policy on ISE server.

  • AAA-override must be enabled on policy profile.

Configure Metal Policy on SSID

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless profile policy policy-profile-name

Example:

Device(config)# wireless profile policy policy-profile1

Configures WLAN policy profile and enters wireless policy configuration mode.

Step 3

description description

Example:

Device(config-wireless-policy)# description policy-profile1

Adds a user defined description to the new wireless policy.

Step 4

service-policy input input-policy

Example:

Device(config-wireless-policy)# service-policy input platinum-up

Sets platinum policy for input.

Step 5

service-policy output output-policy

Example:

Device(config-wireless-policy)# service-policy output platinum

Sets platinum policy for output.

Configure Metal Policy on Client

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless profile policy policy-profile-name

Example:

Device(config)# wireless profile policy policy-profile1

Configures WLAN policy profile and enters wireless policy configuration mode.

Step 3

description description

Example:

Device(config-wireless-policy)# description profile with aaa override

Adds a user defined description to the new wireless policy.

Step 4

aaa-override

Example:

Device(config-wireless-policy)# aaa-override

Enables AAA override on the WLAN.

Note

 

After AAA-override is enabled and ISE server starts sending policy, client policy defined in service-policy client will not take effect.

Configure Bi-Directional Rate Limiting for All Traffic

Use the police action in the policy-map to configure BDRL.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

policy-map policy-map

Example:

Device(config)# policy-map policy-sample 1

Creates a named object representing a set of policies that are to be applied to a set of traffic classes. Policy-map names can contain alphabetic, hyphen, or underscore characters, are case sensitive, and can be up to 40 characters.

Step 3

class class-map-name

Example:

Device(config-pmap)# class class-default

Associates a class map with the policy map, and enters policy-map class configuration mode.

Step 4

police rate

Example:

Device(config-pmap-c)# police 500000

Configures traffic policing (average rate, in bits per second). Valid values are 8000 to 200000000.

Configure Bi-Directional Rate Limiting Based on Traffic Classification

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

policy-map policy-map

Example:

Device(config)# policy-map policy-sample2

Creates a named object representing a set of policies that are to be applied to a set of traffic classes. Policy-map names can contain alphabetic, hyphen, or underscore characters, are case sensitive, and can be up to 40 characters.

Step 3

class class-map-name

Example:

Device(config-pmap)# class class-sample-youtube

Associates a class map with the policy map, and enters policy-map class configuration mode.

Step 4

police rate

Example:

Device(config-pmap-c)# police 1000000

Configures traffic policing (average rate, in bits per second). Valid values are 8000 to 200000000.

Step 5

conform-action drop

Example:

Device(config-pmap-c-police)# conform-action drop

Specifies the drop action to take on packets that conform to the rate limit.

Step 6

exceed-action drop

Example:

Device(config-pmap-c-police)# exceed-action drop

Specifies the drop action to take on packets that exceeds the rate limit.

Step 7

exit

Example:

Device(config-pmap-c-police)# exit

Exits the policy-map class configuration mode.

Step 8

set dscp default

Example:

Device(config-pmap-c)# set dscp default

Sets the DSCP value to default.

Step 9

police rate

Example:

Device(config-pmap-c)# police 500000

Configures traffic policing (average rate, in bits per second). Valid values are 8000 to 200000000.

Step 10

exit

Example:

Device(config-pmap-c)# exit

Exits the policy-map class configuration mode.

Step 11

exit

Example:

Device(config-pmap)# exit

Exits the policy-map configuration mode.

Step 12

class-map match-any class-map-name

Example:

Device(config)# class-map match-any class-sample-youtube

Selects a class map.

Step 13

match protocol protocol

Example:

Device(config-cmap)# match protocol youtube

Configures the match criteria for a class map on the basis of the specified protocol.

Apply Bi-Directional Rate Limiting Policy Map to Policy Profile

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless profile policy policy-profile-name

Example:

Device(config)# wireless profile policy policy-profile3

Configures WLAN policy profile and enters wireless policy configuration mode.

Step 3

description description

Example:

Device(config-wireless-policy)# description policy-profile3

Adds a user defined description to the new wireless policy.

Step 4

service-policy client input input-policy

Example:

Device(config-wireless-policy)# service-policy client input platinum-up

Sets the input client service policy as platinum.

Step 5

service-policy client output output-policy

Example:

Device(config-wireless-policy)# service-policy client output platinum

Sets the output client service policy as platinum.

Step 6

service-policy input input-policy

Example:

Device(config-wireless-policy)# service-policy input platinum-up

Sets the input service policy as platinum.

Step 7

service-policy output output-policy

Example:

Device(config-wireless-policy)# service-policy output platinum

Sets the output service policy as platinum.

Apply Metal Policy with Bi-Directional Rate Limiting

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless profile policy policy-profile-name

Example:

Device(config)# wireless profile policy policy-profile3

Configures WLAN policy profile and enters wireless policy configuration mode.

Step 3

description description

Example:

Device(config-wireless-policy)# description policy-profile3

Adds a user defined description to the new wireless policy.

Step 4

service-policy client input input-policy

Example:

Device(config-wireless-policy)# service-policy client input platinum-up

Sets the input client service policy as platinum.

Step 5

service-policy client output output-policy

Example:

Device(config-wireless-policy)# service-policy client output platinum

Sets the output client service policy as platinum.

Step 6

service-policy input input-policy

Example:

Device(config-wireless-policy)# service-policy input platinum-up

Sets the input service policy as platinum.

Step 7

service-policy output output-policy

Example:

Device(config-wireless-policy)# service-policy output platinum

Sets the output service policy as platinum.

Step 8

exit

Example:

Device(config-wireless-policy)# exit

Exits the policy configuration mode.

Step 9

policy-map policy-map

Example:

Device(config)# policy-map policy-sample 1

Creates a named object representing a set of policies that are to be applied to a set of traffic classes. Policy map names can contain alphabetic, hyphen, or underscore characters, are case sensitive, and can be up to 40 characters.

Step 10

class class-map-name

Example:

Device(config-pmap)# class class-default

Associates a class map with the policy map, and enters configuration mode for the specified system class.

Step 11

police rate

Example:

Device(config-pmap-c)# police 500000

Configures traffic policing (average rate, in bits per second). Valid values are 8000 to 200000000.

How to apply Per Client Bi-Directional Rate Limiting

Information About Per Client Bi-Directional Rate Limiting

The Per Client Bi-Directional Rate Limiting feature adds bi-directional rate limiting for each wireless clients on 802.11ac Wave 2 APs in a Flex local switching configuration. Earlier, the Wave 2 APs supported only per-flow rate limiting for a wireless client. When wireless client starts multiple streams of traffic, the client-based rate limiting does not work as expected. This limitation is addressed by this feature.

For instance, if the controller is configured with QoS policy and you expect each client to have a rate limiting cap of 1000 kbps. Due to per-flow rate limiting on the AP, if the wireless client starts a Youtube stream and FTP stream, each of them will be rate limited at 1000 Kbps, therefore the client will be 2000 Kbps rates. This is not desirable.

Use Cases

The following are the use cases supported by the Per Client Bi-Directional Rate Limiting feature:

Use Case -1

Configuring only default class map

If policy map is configured only with default class map and mapped only to QoS client policy, AP does a per client rate limit to the client connected to AP.

Use Case-2

Changing from per client rate limit to per flow rate limit

If policy map is configured with another different class map along with a default class map and mapped to QoS client policy, AP performs per flow rate limit to client. As policy map has different class map along with the default class map. The per client rate limit values are cleared, if the AP has previously configured per client rate limit.

If the policy map has more than one class map, then additional class map is configured along with the default class map. So, the rate limit is applied from per client to per flow. The per client rate limit value is deleted from the rate info token bucket.

Use Case-3

Changing from per flow rate limit to per client limit

If different class map is removed from policy map and policy map has only one default class map, AP performs a per client rate limit to client.

The following covers the high-level steps for Per Client Bi-Directional Rate Limiting feature:

  1. Configure a policy map to WLAN through policy profile.

  2. Map the QoS related policy map to WLAN.

  3. Configure policy map with the default class map.

  4. Configure different police rate value for class Default map.


    Note


    If policy map has class Default with valid police rate value, AP applies that rate limit to the overall client data traffic flow.


  5. Apply the policy map with class Default to QoS client policy in WLAN policy profile.

Prerequisites for Per Client Bi-Directional Rate Limiting

  • This feature is exclusive to QoS client policy, that is, the policy profile must have only QoS Policy or policy target as client.

  • If policy map has class default with valid police rate value, AP applies that rate limit value to the overall client data traffic flow.

Restrictions on Per Client Bi-Directional Rate Limiting

  • If policy map has class map other than the class Default map, the per client rate limit does not work in AP.

  • From Cisco IOS XE Bengaluru 17.5.x onwards, AAA override can be leveraged to push the attributes to achieve per client rate limit.

Configuring Per Client Bi-Directional Rate Limiting (GUI)

Procedure


Step 1

Choose Configuration > Tags & Profiles > Policy.

Step 2

Click the Policy Profile Name.

The Edit Policy Profile window is displayed.

Note

 

The Edit Policy Profile window is displayed and configured in default class map only.

Step 3

Choose the QOS And AVC tab.

Step 4

In the QoS Client Policy settings, choose the policies from the Egress and Ingress drop-down lists.

Note

 

You need to apply the default policy map to the QoS Client Policy.

Step 5

Click Update & Apply to Device.


Verifying Per Client Bi-Directional Rate Limiting

To verify whether per client is applied in AP, use the following command:

Device# show rate-limit client
Config:
              mac vap rt_rate_out rt_rate_in rt_burst_out rt_burst_in nrt_rate_out nrt_rate_in nrt_burst_out nrt_burst_in
A0:D3:7A:12:6C:5E   0           0          0            0           0            0           0             0            0
Statistics:
            name     up down
        Unshaped      0    0
  Client RT pass 697610 8200
 Client NRT pass      0    0
 Client RT drops      0    0
Client NRT drops      0   16
               9    180    0
Per client rate limit:
              mac vap rate_out rate_in            policy
A0:D3:7A:12:6C:5E   0       88      23 per_client_rate_2

Configuring BDRL Using AAA Override

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless profile policy profile-name

Example:

Device (config)# wireless profile policy default-policy-profile

Configures the WLAN policy profile and enters wireless policy configuration mode.

Step 3

aaa-override

Example:

Device(config-wireless-policy)# aaa

Configures AAA override to apply policies coming from the AAA server or ISE the Cisco Identify Services Engine (ISE) server.

The following attributes are available in the RADIUS server:

  • Airespace-Data-Bandwidth-Average-Contract: 8001

  • Airespace-Real-Time-Bandwidth-Average-Contract: 8002

  • Airespace-Data-Bandwidth-Burst-Contract: 8003

  • Airespace-Real-Time-Bandwidth-Burst-Contract: 8004

  • Airespace-Data-Bandwidth-Average-Contract-Upstream: 8005

  • Airespace-Real-Time-Bandwidth-Average-Contract-Upstream: 8006

  • Airespace-Data-Bandwidth-Burst-Contract-Upstream: 8007

  • Airespace-Real-Time-Bandwidth-Burst-Contract-Upstream: 8008

Note

 

8001, 8002, 8003, 8004, 8005, 8006, 8007, and 8008 are the desired rate-limit values configured as an example.

Verifying Bi-Directional Rate-Limit

To verify the bi-directional rate limit, use the following command:

Device# show wireless client mac-address E8-8E-00-00-00-71 detailClient MAC Address : e88e.0000.0071
Client MAC Type     : Universally Administered Address
Client IPv4 Address : 100.0.7.94
Client Username     : e88e00000071
AP MAC Address      : 0a0b.0c00.0200
AP Name             : AP6B8B4567-0002
AP slot             : 0
Client State        : Associated
Policy Profile      : dnas_qos_profile_policy
Flex Profile        : N/A
Wireless LAN Id     : 10
WLAN Profile Name   : QoS_wlan
Wireless LAN Network Name (SSID): QoS_wlan
BSSID : 0a0b.0c00.0200
Connected For       : 28 seconds
Protocol            : 802.11n - 2.4 GHz
Channel             : 1
Client IIF-ID       : 0xa0000034
Association Id      : 10
Authentication Algorithm : Open System
Idle state timeout  : N/A
Session Timeout     : 1800 sec (Remaining time: 1777 sec)
Session Warning Time : Timer not running
Input Policy Name    : None
Input Policy State   : None
Input Policy Source  : None
Output Policy Name   : None
Output Policy State  : None
Output Policy Source : None
WMM Support          : Enabled
U-APSD Support       : Disabled
Fastlane Support     : Disabled
Client Active State  : In-Active
Power Save           : OFF
Supported Rates : 1.0,2.0,5.5,6.0,9.0,11.0,12.0,18.0,24.0,36.0,48.0,54.0
AAA QoS Rate Limit Parameters:
  QoS Average Data Rate Upstream             : 8005 (kbps)
  QoS Realtime Average Data Rate Upstream    : 8006 (kbps)
  QoS Burst Data Rate Upstream               : 8007 (kbps)
  QoS Realtime Burst Data Rate Upstream      : 8008 (kbps)
  QoS Average Data Rate Downstream           : 8001 (kbps)
  QoS Realtime Average Data Rate Downstream  : 8002 (kbps)
  QoS Burst Data Rate Downstream             : 80300 (kbps)
  QoS Realtime Burst Data Rate Downstream    : 8004 (kbps)

To verify the rate-limit details from the AP terminal, use the following command

Device# show rate-limit client
Config:
mac vap rt_rate_out rt_rate_in rt_burst_out rt_burst_in nrt_rate_out nrt_rate_in nrt_burst_out nrt_burst_in
00:1C:F1:09:85:E7 0 8001 8002 8003 8004 8005 8006 8007 8008
Statistics:
name up down
Unshaped 0 0
Client RT pass 0 0
Client NRT pass 0 0
Client RT drops 0 0
Client NRT drops 0 0
Per client rate limit:
mac vap rate_out rate_in policy

How to Configure Wireless QoS

Configuring a Policy Map with Class Map (GUI)

Procedure


Step 1

Choose Configuration > Services > QoS.

Step 2

Click Add to view the Add QoS window.

Step 3

In the text box next to the Policy Name, enter the name of the new policy map that is being added.

Step 4

Click Add Class-Maps.

Step 5

Configure AVC based policies or User Defined policies. To enable AVC based policies, and configure the following:

  1. Choose either Match Any or Match All.

  2. Choose the required Mark Type. If you choose DSCP or User Priority, you must specify the appropriate Mark Value.

  3. Check the Drop check box to drop traffic from specific sources.

    Note

     

    When Drop is enabled, the Mark Type and Police(kbps) options are disabled.

  4. Based on the chosen Match Type, select the required protocols from the Available Protocol(s) list and move them to the Selected Protocol(s) list. These selected protocols are the ones from which traffic is dropped.

  5. Click Save.

Note

 

To add more Class Maps, repeat steps 4 and 5.

Step 6

To enable User-Defined QoS policy, and the configure the following:

  1. Choose either Match Any or Match All.

  2. Choose either ACL or DSCP as the Match Type from the drop-down list, and then specify the appropriate Match Value.

  3. Choose the required Mark Type to associate with the mark label. If you choose DSCP, you must specify an appropriate Mark Value.

  4. Check the Drop check box to drop traffic from specific sources.

    Note

     

    When Drop is enabled, the Mark Type and Police(kbps) options are disabled.

  5. Click Save.

Note

 

To define actions for all the remaining traffic, in the Class Default, choose Mark and/or Police(kbps) accordingly.

Step 7

Click Save & Apply to Device.


Configuring a Class Map (CLI)

Follow the procedure given below to configure class maps for voice and video traffic:

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 2

class-map class-map-name

Example:

Device(config)# class-map test

Creates a class map.

Step 3

match dscp dscp-value

Example:

Device(config-cmap)# match dscp 46

Matches the DSCP value in the IPv4 and IPv6 packets.

Note

 

By default for the class map the value is match-all.

Step 4

end

Example:

Device(config-cmap)# end

Exits the class map configuration and returns to the privileged EXEC mode.

Step 5

show class-map class-map-name

Example:

Device# show class-map class_map_name

Verifies the class map details.

Configuring Policy Profile to Apply QoS Policy (GUI)

Procedure


Step 1

Choose Configuration > Tags & Profiles > Policy.

Step 2

On the Policy Profile page, click the name of the policy profile.

Step 3

In the Edit Policy Profile window, click the QoS and AVC tab.

Step 4

Under QoS SSID Policy, choose the appropriate Ingress and Egress policies for WLANs.

Note

 
The ingress policies can be differentiated from the egress policies by the suffix -up. For example, the Platinum ingress policy is named platinum-up.

Step 5

Under QoS Client Policy, choose the appropriate Ingress and Egress policies for clients.

Step 6

Click Update & Apply to Device.

Note

 

Only custom policies are displayed under QoS Client Policy. AutoQoS policies are auto generated and not displayed for user selection.


Configuring Policy Profile to Apply QoS Policy (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 2

wireless profile policy profile-policy

Example:

Device(config)# wireless profile policy qostest

Configures WLAN policy profile and enters the wireless policy configuration mode.

Step 3

service-policy client { input | output} policy-name

Example:


Device(config-wireless-policy)# service-policy client input policy-map-client

Applies the policy. The following options are available.

  • input—Assigns the client policy for ingress direction on the policy profile.

  • output—Assigns the client policy for egress direction on the policy profile.

Step 4

service-policy { input | output} policy-name

Example:


Device(config-wireless-policy)# service-policy input policy-map-ssid

Applies the policy to the BSSID. The following options are available.

  • input—Assigns the policy-map to all clients in WLAN.

  • output—Assigns the policy-map to all clients in WLAN.

Step 5

no shutdown

Example:

Device(config-wireless-policy)# no shutdown

Enables the wireless policy profile.

Applying Policy Profile to Policy Tag (GUI)

Procedure


Step 1

Choose Configuration > Tags & Profiles > Tags.

Step 2

On the Manage Tags page in the Policy tab, click Add.

Step 3

In the Add Policy Tag window that is displayed, enter a name and description for the policy tag.

Step 4

Map the required WLAN IDs and WLAN profiles with appropriate policy profiles.

Step 5

Click Update & Apply to Device.


Applying Policy Profile to Policy Tag (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 2

wireless tag policy policy-tag-name

Example:

Device(config-policy-tag)# wireless tag policy qostag

Configures policy tag and enters the policy tag configuration mode.

Step 3

wlan wlan-name policy profile-policy-name

Example:

Device(config-policy-tag)# wlan test policy qostest

Maps a policy profile to a WLAN profile.

Step 4

end

Example:

Device(config-policy-tag)# end

Saves the configuration and exits the configuration mode and returns to privileged EXEC mode.

Step 5

show wireless tag policy summary

Example:

Device# show wireless tag policy summary

Displays the configured policy tags.

Note

 

To view the detailed information of a policy tag, use the show wireless tag policy detailed policy-tag-name command.

Attaching Policy Tag to an AP

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 2

ap mac-address

Example:

Device(config)# ap F866.F267.7DFB 

Configures Cisco APs and enters the ap profile configuration mode.

Step 3

policy-tag policy-tag-name

Example:

Device(config-ap-tag)# policy-tag qostag

Maps a Policy tag to the AP.

Step 4

end

Example:

Device(config-ap-tag)# end

Saves the configuration and exits the configuration mode and returns to privileged EXEC mode.

Step 5

show ap tag summary

Example:

Device# show ap tag summary  

Displays the ap details and tags associated to it.

Configuring Custom QoS Mapping

For interworking with IP networks, a map is devised between the 802.11e user priorities and the IP differentiated services code point (DSCP). Enable Hotspot 2.0 on the WLAN to support mapping exception.


Note


Custom QoS mapping only applies to Hotspot 2.0.


Mapping is specified as DSCP ranges to individual user priority values, and as a set of exceptions with one-to-one mapping between DSCP values and UP values. If a QoS map is enabled and user-configurable mappings are not added, the default values are used.


Note


Egress = Downstream = Output and Ingress = Upstream = Input


The following table shows a QoS map, where an AP provides a wireless client with the required mapping from IP DSCP to 802.11e user priority.

Table 4. Default DSCP-Range-to-User Priority Mapping

IP DSCP Range

802.11e User Priority

0-7

0

8-15

1

16-23

2

24-31

3

32-39

4

40-47

5

48-55

6

56-63

7

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

ap profile profile-name

Example:

Device(config)# ap profile hs2-profile

Configures an AP profile and enters AP profile configuration mode.

Step 3

qos-map dscp-to-up-range user-priority up-to-dscp dscp-start dscp-end

Example:

Device(config-ap-profile)# qos-map dscp-to-up-range 6 52 23 62 

Configures DSCP-to-user priority mapping.

You can configure up to eight configuration entries; one for each user-priority value. If you do not configure a custom value, a non-configured value (0xFF) is sent to the AP.

Use the no form of this command to disable the configuration. To delete all the custom mappings, use the no dscp-to-up-range command.

Configuring DSCP-to-User Priority Mapping Exception

When you configure a QoS mapping or exception, a custom QoS map is created and sent to the corresponding AP.

If there are no DSCP-to-user priority mapping or exception entries, an empty QoS map is used.

The following table shows the set of exceptions with one-to-one mapping between DSCP values and user priority values.

Table 5. Default DSCP-Range-to-User Priority Mapping Exceptions

IP DSCP

802.11e User Priority

0

0

2

1

4

1

6

1

10

2

12

2

14

2

18

3

20

3

22

3

26

4

34

5

46

6

48

7

56

7

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

ap profile profile-name

Example:

Device(config)# ap profile hs2-profile

Configures an AP profile and enters AP profile configuration mode.

Step 3

qos-map dscp-to-up-exception dscp-num user-priority

Example:

Device(config-ap-profile)# qos-map dscp-to-up-exception 42 6

Configures DSCP-to-user priority exception.

Configuring Trust Upstream DSCP Value

The controller marks the 802.11 user priority value in Traffic Identifier (TID) field based on the DSCP value in IP header.


Note


The AP forwards the DSCP value to Air, if 802.11 user priority value is set.


Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

ap profile profile-name

Example:

Device(config)# ap profile hs2-profile

Configures an AP profile and enters AP profile configuration mode.

Step 3

qos-map trust-dscp-upstream

Example:

Device(config-ap-profile)# qos-map trust-dscp-upstream 

Configures the AP to trust upstream DSCP instead of user priority.

Use the no form of the command to disable the configuration.

Note

 

From the Cisco IOS XE 17.4.x release onwards, the qos-map trust-dscp-upstream is the default setting so that client DSCP is, by default, maintained end to end.