Wireless Access

Can you do qos when in bridge mode? Doesnt the pef need to examine each packet one by ine in which case this cant be one can it as the packets are physiclly going through the network drop? 

 

Also, if the switchport that the ap's are on have our normal lan qos on does it still gets the packets in tact marked by the clients (we do mak our voice packets with ef46 ) or does the encyption that is placed on wireless clients strip them?

Okay for the ap pon bridge mode  these are the recommendtions

 

Voice Support in Different Forwarding Modes

The recommended deployment options for voice are split-tunnel, decrypt-tunnel, or tunnel mode.

Bridge mode SSID is not a supported option because VoIP application-layer gateways (ALGs) are not

supported in bridge mode

 

List of features lost on Bridge mode

 

http://www.arubanetworks.com/pdf/technology/DG_Mobility-Controllers-Deployment-Models-5.0-VRD.pdf

Page 41 and 42

Sorry  i didnt answer your question

I think you can dscp on the bridge mode AP as the firewall policies will be send to the AP on the bridge mode....(never tried it)

I try to fallow Aruba recommendations for everythig... and as far i read their recommendation for voice is not to put it on bridge mode,  for the reason i told up. .

 

Why you putting it on Bridge mode? is the PBX on the remote site?

So you dont think you will lose the markings coming from the client to the switchport ? 

Encryption wont strip?

We have in bridge mode so tat perfo ance is better and access to locsl respurces stys local. Our ap's can be in different countries to controller. Thanks again.

Is this a rap on bridge mode  or campus bridge mode?

Campus.

Well now i check on my testing controller i though you could set a DSCP value on the firewall rule whcih you cant.. you can set 802.1p value or a tos value....

The DSCP is used with the WMM as far i know but i cannot directly put it on the firewall rule... so now im not sure of it... lets wait someone else asnwer you that sorry.  Maybe Collin can help here!

 

Guess you could use wmm but then the client must support it  and configure it on the controller  and change the wmm value that is mapped by default on the vap... as by default for voice is 56(on decimal)

 

Cheers

Carlos 

mmm, but how does the pef work this if in bridge mode? This stil sounds like it is not possible.

 

Can anyone else help here please?

Well what i know is that the config of the pefng is downloaded to the AP and the AP can do features of hte pefng what i don tkow if that config or firewall is limited... on what it can download to the ap

Let wait what an Aruba Guru  says

Maybe he can enligh us both :)

Hope so:)

---

@leelaw wrote:

mmm, but how does the pef work this if in bridge mode? This stil sounds like it is not possible.

 

Can anyone else help here please?

---

The firewall policies are downloaded to the access point in bridge mode and the rules are enforced at the access point.  When the access point is in bridged mode, it decrypts the traffic so that it knows what to permit and disallow.  What you do not get in bridge mode is the VOICE ALG so you will end up opening more ports for voice than the initial port, because the AP cannot detect a separate RTP conversation.  All frames that are tagged via WMM are grandfathered to the wired network, however...

 

Thanks!

 

So, removing WMM from the equation, if my wireless client is marking traffic (we are in bridge mode) will the network drop that the AP is attached to maintain the markings?

You WANT WMM on your device in the equation, so that the over-the-air QOS is done automatically.  That is the main place that there is limited bandwidth and contention and you want WMM to do its job.  If your device has WMM, make sure it is enabled so that the conversation between the device and the Aruba access point will have priority over the air when voice traffic is active.  There is no other way for your device to mark that traffic and an access point cannot automatically detect it without WMM enabled on your device.

 

After the traffic hits the wired network, you will have to configure your wired network to recognize and prioritize the traffic further, if necessary.

 

So what we do it mark the voice packets as ef46 and our switchport carries that marking from edge to core where it is given priority in the WAN . My understanding is that over the air if WMM is not on that no prioritasation is taking place but am I not right in saying that the ip precedence will be amintained.? (I understand that you need WMM in the air)

 

Next question  - you say to switch on the client - I am not suire how to do that., Also do you need to do anything on the controller to switch WMM on?

 

So what you were saying about the rules of the pef on the ap.... does this examone each packet and see that its voice and treat it accordingly?

 

Thanks:)

---

@leelaw wrote:

So what we do it mark the voice packets as ef46 and our switchport carries that marking from edge to core where it is given priority in the WAN . My understanding is that over the air if WMM is not on that no prioritasation is taking place but am I not right in saying that the ip precedence will be amintained.? (I understand that you need WMM in the air)

 

Next question  - you say to switch on the client - I am not suire how to do that., Also do you need to do anything on the controller to switch WMM on?

 

So what you were saying about the rules of the pef on the ap.... does this examone each packet and see that its voice and treat it accordingly?

 

Thanks:)

---

If WMM is not enabled in the SSID profile on the controller and WMM is not on the client, we are not doing any prioritization.  It needs to be enabled on both.

 

The access point should mark the traffic because of WMM and NOT because of the protocol being sent.

 

If you are doing PEF using bridged mode, the access point can allow and deny traffic based on what ports you allow, but it is not smart enough to allow/deny RTP traffic that does not use the initial VOICE port.  You would want to setup your firewall policies for that client to make them as permissive as possible.

 

WMM allows us to have traffic automatically tagged, as long as your firewall policy is permitting it.

 

I am still wondering here.... sureley the ip header that the client is sending still has the marking that we apply to it so when it reaches the Ap this just passes it through - or are you sayong it is stripped?

 

Are there any case study designs showing how WMM is configured with the PEF please? Because I need to know what is involved for the client and the controller to get this working?

 

Thanks:)

---

@cjoseph wrote:

You WANT WMM on your device in the equation, so that the over-the-air QOS is done automatically.  That is the main place that there is limited bandwidth and contention and you want WMM to do its job.  If your device has WMM, make sure it is enabled so that the conversation between the device and the Aruba access point will have priority over the air when voice traffic is active.  There is no other way for your device to mark that traffic and an access point cannot automatically detect it without WMM enabled on your device.

 

After the traffic hits the wired network, you will have to configure your wired network to recognize and prioritize the traffic further, if necessary.

 

---

Hello again!

There is something important here to mention

You cannot use wmm on bridge mode APS.... so there is no way to automatically QOS

I was reading stuff of wmm around and  i saw this on a KB:

WMM does not support APs configured in bridge mode

 

Source:

http://support.arubanetworks.com/Default.aspx?tabid=111&loc=https://kb.arubanetworks.com/

 

If i misunderstood please correct me Collin

To use WMM he will need to change it to tunnel mode.   He is using it on Campus Bridge mode.

 

Cheers

Carlos

Guys,

This is why i get confused, i have heard some say t is supported and some say it isnt:)

 

Please help me get a definitive answer.

---

@leelaw wrote:

Guys,

This is why i get confused, i have heard some say t is supported and some say it isnt:)

 

Please help me get a definitive answer.

---

WMM IS supported in Bridge Mode in ArubaOS 6.1.  That is an old knowledgebase article that has not been updated.

 

Let us close this thread to avoid confusion.  We can open another one if we want to get any more information.

Thanks Colin:)

Wmm info is passed through without modification. PEF will allow/deny specific application traffic. If you put an allow all, your WMM info should be preserved and not rewritten. That is the way you should proceed initially.

But i am referring to my markings that our app adds not wmm. We have ms lync and this app marks all voice packets with ef46. This is what i am asking about ... Whether this is unchanged?

It should not be changed.

Thanks.

Do you have a document on howcto setup wmm?

It is a check box under the advanced tab in the SSID profile.

That is all you need to do.

Hello Collin i guess he is referring that he wants all DSCP value are maintain equal during all the way...

 

So if you do WMM then he will mark the packet with DSCP value with the default value that the aruba got... which is 56 in decimal... which in hex is 0x38 which is not the same

Wouldnt he need to change those defualt settings?

On the switch when the packet arrive theyh will arrive with the DSCP value 0x38 and not the one he is using...

At least on alcatel swithces you configure this, if you already got the value then you tell it to maintain that value all over the swithces on the trunks i dont know how you do it on other brands...

 

Woundnt he need to override those DSCP default values with the ones he is using on this network already?

 

The other thing i would like to know is tha twhen you using WMM and the client support WMM he automatically knows its a voice traffic and tag it with the DSCP value that is mapped by default on the controller and in this case he will put automatically DSCP 56 and send it out of the controller like that?

I understand. Let me check on that specific scenario.

There is a way to change those default valueswhich i think its on the VAP on the ssid profile on advanced,  but im honest i have never configured the WMM yet so i don t know thats why i ask.... most of our custumers just got laptops and that kind of stuff and just want lot of security(they just use wireless for DATA), but still dont have a client with lot of wireless ip phones or that kind of things... in which im interested to know because we are getting one in which he does have this scenario.  And now someone is asking i would like to configure properly :)

 

 

Ok now i am more confused than i was to begin with. So wmm overwrites the tos value that i am sending out ?

I was thinking more in the other direction :) not from your ip pbx to the client....

I was talking about from the client to the ip pbx.

 

But its a good question... i dont know if it maintain the value or what it does with it....

 

As far i read it should have the same value all over the way from the AP to the ip pbx and from the ip pbx to the AP.

 

Just like on the switches...the same value is maintain all over the way.

 

I twould be a good adding to a course to configure this knid of thing... on the ACSP course they just mention it but didnt tell you how you should configure it in a full scenario.

 

 

 

 

 

The client is just a users laptop with lync client on . So every laptop has voice over ip. This is not an ip pbx by the way:)

Well was just giving an example :) let wait what Collin says :)

We use ef46. So r u sayingvtat thiscwont be maintained?

It should just be passed through.... once again, let me check. WMM does not come into play here.

We just pass the tags through...

Okay when you say you pass the tag though lets look an example and let see if i got it

 

Scenario1

if the packet is coming from the switch to the wireless controller

if it got a voice packet tagged with DSCP(not the default one you use on Wireless controller) does it pass the tag it has whatever it is to the AP?

 

Scenario2

if the packet goes from the AP to the controller it will tag it with DSCP 56 the controller will keep this tag automatically and pass it to the Switch... now on the switch i can take that DSCP value and maintain it all the way to the ip pbx or all around my network(so it will has priority) even if its using another DSCP value, but the issue with this is that if i got another thing inside the company let say that in the company DSCP 56 was assigned to video... then on the switches they willl have the same priority all over the wired network

 

What we want is to have the same DSCP value in all the system for my understanding thats is what we should do(im not an expert in QoS neither in Voice) thtas why im asking.

 

Extra Questions

1-Now if the company is already running another values for Voice and video guess is less work just changing them on the controller, on the WMM option on the SSID right?

2-When the packet is in the air let say i got an IP phone, and im using the same corporate SSID(not needing another SSID for voice like other brands)How does aruba recognize its a voice traffic? with application aware? how does it recognize is a voice traiffc? when im using WMM and the client support it i mean.

3-If the client does not support wmm i got no other option that on the firewall rule to put maybe the ports on a rule and the network its using and give it priority but the problem here is that i cannot use DSCP values on the rule i just can use TOS or 802.1p.   How can i manage that? if we are using on our switches DSCP values for priority.

 

Cheers

Carlos 

We just pass the tags through...