Translations: "Italiano" |

Cisco FlexConnect over MPLS and DSCP values

Upgrading Cisco WLC firmware could be very painful if you have to download new AP images through MPLS. At least, last time, for me, it was very painful.

Recently we had to upgrade a Cisco 5520 WLC from v8.10.121 to 8.10.130. The WLC had hundreds of APs connected in FlexConnect mode, distributed over dozens of branches. The branches were connected to the HQ through an MPLS connection managed by an Italian provider.

In order to reduce the downtime, we started the predownload process on all APs. Unfortunately, after hours, hundreds of APs haven’t yet predownloaded the new image, so we were forced to postpone the upgrade.

Next days, the situation wasn’t changed a lot, since only few other APs were able to predownload the image, but most of them were not.

So we started troubleshooting the process and we discovered CAPWAP control messages are tagged from WLC and APs with DSCP CS6, as reported on Cisco Enterprise Mobility Design guide and as we saw through packet capture.

Packet capture

Cisco Design Guide

Usually CS6 packets are intended for IP routing protocols. Talking with provider, we discovered that some routers on MPLS have very small traffic queues for DSCP CS6 packets.

Consequently, we remarked DSCP value from CS6 to CS0 (best effort) for traffic generated by WLC.

After this change, we were able to predownload the image on the APs. Below the configuration for remarking traffic,

 1class-map match-all CAPWAPDATACS6
 2match access-group 110
 3match dscp cs6
 4!
 5policy-map CAPWAPDATACS6
 6class CAPWAPDATACS6
 7set dscp cs0
 8!
 9interface Gigabit0
10ip address 192.168.60.1 255.255.255.0
11service-policy input CAPWAPDATACS6
12!
13access-list 110 remark CAPWAP Control
14access-list 110 permit udp host 192.168.60.11 eq 5246 any

where 192.168.60.11 is the management IP address of WLC.

Fixed!