No relevant resource is found in the selected language.
MENU
Support Documentation
Wireless Access Controller (AC and Fit AP) V200R019C10 Web-based Configuration Guide
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a QoS Policy Based on Application Protocols (Direct Forwarding)

Example for Configuring a QoS Policy Based on Application Protocols (Direct Forwarding)

Networking Requirements

As shown in the following figure, an enterprise has deployed a WLAN with the direct data forwarding mode. To regulate online behavior of employees on the network, the administrator needs to configure QoS policies based on application protocols.

Voice, video, and data services are involved on the WLAN, including FaceTime, SkypeForBusiness, QQ_VoIP. The administrator wants to learn the application traffic usage to plan the network capacity and locate faults. For example, discard FaceTime packets, specify the SkypeForBusiness priority, and limit the rate of QQ_VoIP traffic.

For configurations of the WLAN access function, see Related Topics.

Figure 3-72 Networking for configuring QoS policies based on application protocols

Configuration Roadmap

The configuration roadmap is as follows:
  1. Enable the security engine and update the signature database.
  2. Configure application visualization, including specifying the priority for Skype for Business packets, discarding FaceTime packets, and limiting the rate of QQ VoIP packets.
Table 3-72 AC data planning

Item

Data

AP group
  • Name: ap-group1
  • Referenced profile: VAP profile wlan-net

VAP profile
  • Name: wlan-net
  • Forwarding mode: direct forwarding
  • Referenced profile: SAC profile wlan-sac

SAC profile

Name: wlan-sac

SAC policy: Discard FaceTime packets, set the DSCP priority of Skype for Business packets to 40, and limit the rate of QQ VoIP packets to 1000 kbit/s.

Configuration Notes

  • No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
    • In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
    • In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
    For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.

  • Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.

  • In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.

Procedure

  1. Enable the security engine.

    In this example, the direct data forwarding mode is used. Therefore, you need to enable the security engine on both the AC and the AP. If tunnel forwarding is used, you only need to enable the security engine on the AC.

    # Choose Configuration > QoS > App Identification & Optimization > SAC > SAC Configuration.

    # Enable Loading the SAC signature database on the AC.

    # Disable Loading the SAC signature database on the AP. In Loading the SAC Signature Database for APs by AP Group, enable SAC for a specified AP group.

    # Click Apply.

  2. Update the SAC signature database.

    # visit Huawei Security Center (https://isecurity.huawei.com/sec/web/freesignature.do) and download the SAC signature databases of the AC and AP.

    # Choose Maintenance > AC Maintenance > Signature DB.

    # Under Signature Database List, click Local upgrade mapping AC SAC Signature Database. In the dialog box that is displayed, click Upload. In the dialog box that is displayed, select the corresponding SAC signature database and click OK. In the dialog box that is displayed, click OK.

    # After the update is successful, a dialog box is displayed, where you can click OK.

    # The method for updating AP SAC Signature Database is similar to that for updating the AC SAC signature database, and is not mentioned here.

  3. Create an SAC profile and bind it to the VAP profile corresponding to the AP group ap-group1.

    # Choose Configuration > AP Config > AP Group > AP Group.

    # In the AP group list, click the AP group ap-group1, click next to VAP Configuration, click next to wlan-net, and select SAC Profile.

    # Click Create, set Profile name to wlan-sac. Click OK. The page for configuring SAC Profile is displayed.

    # Under Configuration Policy, set Application protocol group to instant_message, Application protocol to skypeforbusiness, Policy type to Priority policy, Priority policy mode to DSCP, and the priority to 40. Click .

    # Under Configuration Policy, set Application protocol group to voip, Application protocol to qq_voip, Policy type to Rate limit policy, and Rate limit message application strategy (Kbit/s) to 1000. Click .

    # Under Configuration Policy, set Application protocol group to voip, Application protocol to facetime, and Policy type to Drop policy. Click .

    # After the policy is configured, it is displayed as follows.

    # Click Apply. In the dialog box that is displayed, click OK.

  4. After the configuration is complete, the FaceTime service cannot be used, the DSCP priority of the Skype for Business packets is 40, and the rate of QQ VoIP packets is limited to 1000 kbit/s.

Related Topics

Translation
简体中文
Download
Updated: 2021-02-10

Document ID: EDOC1100156625

Views: 6221

Downloads: 611

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Enterprise APP

Copyright © 2021 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :