Visibility and Control (AVC) classifies applications using deep packet
inspection techniques with the Network-Based Application Recognition (NBAR)
engine, and provides application-level visibility and control into Wi-Fi
networks. The recognition of business applications are supported with AVC
protocol pack 6.4 and above, operating with next-generation Network-Based
Application Recognition (NBAR2) engine 13 and above. With this capability, you
can correctly identify Cisco Jabber and also sub-classify how much of your
traffic is data (desktop share), audio, video, and apply different policies
applications are recognized, the AVC feature enables you to either drop, mark,
or rate-limit (by direction) the data traffic. Even if DSCP is already set,
there is a value of AVC providing visibility to the traffic that it classifies.
Using AVC, the controller can detect more than 1000 applications. AVC enables
you to perform real-time analysis and create policies to reduce network
congestion, costly network link usage, and infrastructure upgrades.
The QoS Behavior
with AVC between AP, WLC, and Infrastructure:
A frame is
transmitted with or without inner packet DSCP (or UP Value) from the wireless
side (client device).
On the AireOS
solution, the receiving access point translates the 802.11e UP value in the
frame header into a DSCP value using
and capping the value to the QoS profile used for the SSID. CAPWAP is used to
encapsulate the 802.11 frame. The CAPWAP encapsulated packet is transmitted to
the WLC. The outer CAPWAP header contains the DSCP value translated from the
802.11e UP value (and capped if necessary). The inner encapsulated packet
contains the original DSCP value applied by the wireless client. If UP value on
the upstream frame is missing, then capwap gets DSCP 0.
The WLC removes
the CAPWAP header.
The AVC module
on the WLC, which is optional, can be used to overwrite the original DSCP value
of the source packet to the configured value in the AVC profile. The WLC then
reads the QoS profile associated to the SSID, and caps the 802.1p value to the
maximum allowed by the QoS profile, while the DSCP value stays uncapped. The
WLC then forwards the source packet with its remarked DSCP value to the
A packet comes
from a switch with or without an inner-DSCP wired-side value.
The optional AVC
module is used to overwrite the inner-DSCP value of the downstream source
The WLC sends
out the packet to the access point with QoS priority (CoS and DSCP) on the
outer CAPWAP header. This value is no higher than the QoS priority configured
on the WLAN.
The access point
uses the outer DSCP header value to determine the priority, and sends the
packet on air with a WMM UP value representative of the DSCP setting, or the
WLAN configuration if the WLAN setting is lower. The original DCSP value
The WLAN QoS
configuration sets the highest priority for which a packet in the WLAN may be
forwarded. For example, a WLAN with a QoS priority of ‘gold’ will forward audio
& voice packets at a downgraded video priority, demoting the DSCP value
from 46 to 34.
When Jabber traffic
reaches the wireless controller, the controller performs deep packet inspection
to recognize the flow. If the flow is recognized as an application part of the
AVC profile, the traffic is marked according to the AVC policy. For example, in
situations where a wireless client sends unmarked Jabber traffic, this traffic
upon reaching the WLAN Controller would get immediately recognized by the NBAR
engine, and get remarked according to the AVC profile. If the AVC profile was
set to UP mark with DSCP value 46, the flows would be as in the following