IT Operations & Cybersecurity Encyclopedia

QoS configuration for voice and video guide

Voice and video traffic are sensitive to delay, jitter, packet loss, congestion, and inconsistent markings. A practical QoS design classifies traffic correctly, protects trusted markings, applies queuing at congestion points, validates Microsoft Teams or VoIP behavior, and documents evidence across switches, firewalls, WAN circuits, and endpoints.

QoSDSCPVoice VLANMicrosoft TeamsWAN queuing

Why it matters

Design QoS around real congestion points

QoS does not create bandwidth. It determines how traffic is treated when congestion occurs. Voice and video quality improves when traffic is marked consistently, trusted at the right boundary, queued correctly on WAN and wireless links, and monitored with real call-quality evidence.

A strong QoS configuration should identify applications, ports, DSCP markings, endpoints, voice VLANs, switch trust settings, firewall behavior, SD-WAN or WAN policies, ISP limitations, wireless prioritization, and call-quality metrics.

This guide supports network operations planning. It does not replace vendor documentation, Microsoft Teams guidance, Cisco or firewall platform design guides, carrier SLAs, or a professional network assessment.

Practical rule: QoS should be validated with packet captures and call-quality data, not assumed from a configuration screenshot.

Review scope

QoS design and review areas

Traffic classification

Identify voice, video, screen sharing, signaling, conferencing, contact center, and application flows.

DSCP marking

Validate endpoint markings, group policy, Teams policy, phone behavior, firewall remarking, and packet captures.

Trust boundary

Define where markings are trusted, rewritten, or dropped across access switches, uplinks, firewalls, and WAN.

Queue design

Configure priority queues, bandwidth classes, shaping, policing, and SD-WAN policies at congestion points.

Wireless and remote users

Review Wi-Fi multimedia handling, SSID design, roaming, VPN behavior, and home-user limitations.

Monitoring and validation

Use packet captures, call-quality dashboards, WAN graphs, jitter/loss metrics, and user reports.

Review matrix

QoS configuration review matrix

AreaWhat to verifyQuestions to answerEvidence
ApplicationsReview voice, video, screen sharing, SIP, RTP, Teams, conferencing, contact center, and critical app flows.Which traffic needs special treatment?Application list, port ranges, traffic classes, site scope, and owner signoff.
MarkingsReview DSCP values, endpoint policy, phone markings, Teams settings, firewall behavior, and packet captures.Are packets marked correctly end to end?Packet capture, endpoint policy, phone config, firewall policy, and DSCP test results.
Trust boundaryReview access switch trust, voice VLAN, uplinks, firewall remarking, wireless policy, and WAN handoff.Where are markings trusted or rewritten?Switch config, VLAN notes, firewall export, wireless QoS, and WAN policy.
QueuingReview priority queues, bandwidth allocation, shaping, policing, SD-WAN classes, and ISP limitations.What happens during congestion?Queue policy, bandwidth model, WAN graphs, carrier notes, and test results.
QualityReview jitter, latency, packet loss, MOS, Teams call quality, meeting-room complaints, and site patterns.Is user experience improving?Call-quality report, site trend, ticket history, and before/after metrics.
OperationsReview QoS standard, templates, change control, exceptions, monitoring, and recurring validation.Can QoS remain consistent over time?Standard document, change tickets, exception list, monitoring dashboard, and review calendar.

Step-by-step review

QoS configuration for voice and video runbook

1

Identify real-time traffic

List voice, video, signaling, screen sharing, Teams, SIP/RTP, contact center, meeting room, and conferencing flows.

2

Define DSCP policy

Choose approved DSCP markings for voice, video, signaling, and sharing traffic based on vendor guidance and network standards.

3

Set trust boundaries

Decide where markings are trusted, rewritten, or stripped across endpoints, phones, access switches, firewalls, wireless, and WAN.

4

Configure queuing at congestion points

Apply priority queuing, class bandwidth, shaping, or SD-WAN policy where links can congest, especially WAN and internet edges.

5

Validate with packet captures

Capture traffic at endpoints, switches, firewall, and WAN edge to confirm DSCP markings survive the intended path.

6

Measure call quality

Review jitter, packet loss, latency, MOS, Teams call-quality data, trouble tickets, and site-specific complaints.

7

Document and monitor

Record standards, templates, exceptions, validation evidence, dashboards, change-control process, and review cadence.

Common risks

Common QoS configuration mistakes

QoS is configured only on switches

Voice and video quality often depends on WAN, firewall, SD-WAN, Wi-Fi, and endpoint behavior too.

Markings are not trusted

DSCP values may be stripped or rewritten if trust boundaries are not defined and validated.

No congestion point is identified

QoS matters most where traffic queues. Applying it in the wrong place may not improve calls.

All video is treated as voice

Voice, video, screen sharing, signaling, and business data may need different classes and bandwidth behavior.

ISP or VPN behavior is ignored

Some providers, internet paths, and VPN tunnels may not preserve or honor internal markings.

Validation relies on screenshots

Packet captures and call-quality data are needed to prove QoS behavior and user-experience improvement.

Related support

Where IT Perfection can help

IT Perfection can help design QoS policies, validate voice and video markings, troubleshoot call quality, and align switch, firewall, wireless, WAN, and Microsoft Teams settings.

OC Security Audit can help review network segmentation, firewall paths, monitoring evidence, and operational controls when voice and video systems affect security or compliance.

Created by Ali Hassani, CISO

Professional QoS design and voice/video troubleshooting support

Ali Hassani brings 25+ years of hands-on experience across IT operations, cybersecurity, Microsoft infrastructure, network security, compliance readiness, cloud services, healthcare IT, MSP services, and business technology leadership.

This guide is for initial education and planning. It does not replace a professional cybersecurity audit, compliance assessment, penetration test, legal review, vendor engineering review, or Microsoft professional services engagement.

QoS must be designed, validated, and monitored

A professional QoS program connects DSCP marking, trust boundaries, queuing, WAN behavior, Teams or VoIP evidence, and user-experience metrics.

FAQ

QoS configuration for voice and video FAQ

Does QoS increase bandwidth?

No. QoS prioritizes traffic during congestion; it does not create additional bandwidth or fix an undersized circuit by itself.

Where should QoS be applied?

Apply QoS at congestion points and preserve markings across endpoints, switches, firewalls, wireless, WAN, SD-WAN, and cloud paths where possible.

How do we prove QoS is working?

Use packet captures, DSCP validation, queue statistics, WAN graphs, call-quality reports, jitter, loss, latency, and before/after user-experience data.

Why do Teams calls still have issues after QoS?

Problems can come from Wi-Fi, endpoint CPU, home networks, VPN, internet loss, firewall inspection, ISP behavior, Microsoft service path, or insufficient bandwidth.