Table Of Contents
Medianet Campus Cisco Catalyst 3650/3850 QoS Design
Role in Medianet Campus Network
The Catalyst 3650/3850 series switches are engineered to serve as a converged access switch in wired and wireless medianet campus networks. As such, these switches may connect directly to a variety of endpoints and distribution-layer switches, as shown in Figure 1.
Figure 1 Cisco Catalyst 3650/3850 Switch in a Medianet Campus Network
QoS Design Steps
There are two main steps to configure QoS on Cisco Catalyst 3650/3850 series switches:
1. Configure Ingress QoS Model(s):
–Trust DSCP Model
–Conditional Trust Model (wired ports only)
–Service Policy Models
2. Configure Egress Queuing
–Wired Queuing Models: 1P7Q3T or 2P6Q3T
–Wireless Queuing Model: 2P2Q+AFD
Step 1: Configure Ingress QoS Model(s)
The three most utilized ingress QoS models for medianet campus networks are:
•Trust DSCP Model
•Conditional Trust Model
•Service Policy Models
Combinations of these ingress QoS models may be used at the same time.
Trust DSCP Model
Wired ports on the Catalyst 3650/3850 default to a trusted state (shown as orange circles in Figure 1), but wireless ports default to an untrusted state. Nonetheless, wireless ports can also be configured to be trusted by the global configuration command: no qos wireless-default-untrust.
Conditional Trust Model
The Conditional Trust model configures the interface to dynamically accept markings from endpoints that have met a specific condition, such as a successful CDP negotiation (switch ports set to conditional trust are shown as green circles in Figure 1).
This model is suitable for switch ports connecting to:
•Cisco IP phones—trust device cisco-phone
•Cisco TelePresence Systems—trust device cts
•Cisco IP Video Surveillance cameras—trust device ip-camera
•Cisco Digital Media Players—trust device media-player
This model is also suitable for PCs and untrusted devices, since the ports connecting to such devices will remain in their default untrusted state (shown as black circles in Figure 1).
Service Policy Models
There may be cases where administrators require more detailed or granular policies on their ingress edges and as such they may construct MQC-based policies to implement classification, marking, and/or policing policies. These policies are constructed with:
•class-maps which identify the flows using packet markings or by access-lists or other criteria
•policy-maps which specify policy actions to be taken on a class-by-class basis
•service-policy statements which apply a specific policy-map to an interface(s) and specify direction
On the Catalyst 3650/3850, service policies may be applied to wired or wireless ports (shown as red circles in Figure 1) or to individual wireless clients (shown as purple circles in Figure 1).
Step 2a: Configure Egress Queuing for Wired Ports
Wired ports can be configured with either a 1P7Q3T or 2P6Q3T egress queuing model. The only difference between the two models is whether a second priority queue is configured via the priority level 2 policy-map action command.
Figure 2 Catalyst 3650/3850 2P6Q3T (Wired Port) Egress Queuing Model
Step 2b: Configure Egress Queuing for Wireless Ports
The Catalyst 3650/3850 switch supports two levels of priority queueing on wireless ports, as well as one non-priority queue for unicast traffic and one non-priority queue for multicast traffic. The switch also supports a bandwidth control algorithm, Approximate Fair Drop (AFD), to provide fairness between radios, SSIDs, and even individual clients
Figure 3 Catalyst 3650/3850 2P2Q+AFD (Wireless Port) Egress Queuing Model
Cisco Validated Design (CVD)
The Cisco Validated Designs for a Catalyst 3650/3850 series switch in the role of a converged access switch in a medianet campus network are presented below.
Note: Highlighted commands are interface specific; otherwise these are global.