Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

TOS value after leaving controller

This thread has been viewed 2 times

  • 1.  TOS value after leaving controller

    Posted Jun 16, 2017 01:11 PM
    Does the TOS value (i.e. TOS 26) stay on the packet when it leaves the controller onto the LAN?
    Or is this on the wireless only?


  • 2.  RE: TOS value after leaving controller

    EMPLOYEE


  • 3.  RE: TOS value after leaving controller

    Posted Jun 16, 2017 06:08 PM
    I used a Policy to set the TOS value to 26, which is supposed to be AF31.

    When I check the uplink port on the Juniper EX switch, Im only seeing best-effort traffic.
    I'll setup a sniffer to check what is actually happening.


  • 4.  RE: TOS value after leaving controller

    EMPLOYEE
    Posted Jun 17, 2017 07:25 AM

    What direction is the traffic coming from?

    What is setting the TOS initially?



  • 5.  RE: TOS value after leaving controller

    Posted Jun 17, 2017 05:27 PM

    Traffic is coming from the wireless device, and should go to a remote server.

    I've found that the Juniper EX4600 uplink switch has default cos config. And it maps AF31 in best-effort. With Juniper you need a complete  rewrite rules config to get that sorted out.

     

    Have you ever seen the same with Aruba and default Juniper cos config?



  • 6.  RE: TOS value after leaving controller

    EMPLOYEE
    Posted Jun 18, 2017 08:08 AM

    Is the wireless device configured to mark the traffic?  What OS is the wireless device?



  • 7.  RE: TOS value after leaving controller

    Posted Jun 18, 2017 08:14 AM
    It's a Android based hand held scanner (Zebra TC8000), which talks UDP with the remote server. I sure the device doesnt mark traffic.

    On our WAN we color this traffic AF31. I wanted to see if we could color it at a more earlier stage.


  • 8.  RE: TOS value after leaving controller

    EMPLOYEE
    Posted Jun 18, 2017 08:26 AM

    If the Operating System does not mark it, you can mark it with rules on the controller, by using an ACL to identify the direction and UDP port and having it mark the traffic using TOS or DSCP.  Below is an example of an ACL you can add to a user role to do this: (you will have to use the magnify function in your browser to see the screenshot below).

     

    mark.png

     

    This marking will take place when it leaves the controller and goes to your infrastructure, since the client does not do any marking itself.

     

     



  • 9.  RE: TOS value after leaving controller

    Posted Jun 18, 2017 08:45 AM
    Thanks CJ,

    I have a similar policy active, except doing TOS 26, and I didn't have the option 802.1p set. I check this tomorrow


  • 10.  RE: TOS value after leaving controller
    Best Answer

    EMPLOYEE
    Posted Jun 18, 2017 09:31 AM

    To check to see if your policy is being hit or anything is being done, you need to type "show datapath session table <ip address of client>" to see if it is being marked.  Also type "show acl hits" to see if your policy is being hit by that client's traffic.



  • 11.  RE: TOS value after leaving controller

    Posted Jun 18, 2017 09:51 AM
    Seeing the TOS value on 26 and also the acl gets hits. So I'll check tomorrow what the uplink switch does with it.