IT Operations & Cybersecurity Encyclopedia
QoS configuration for voice and video guide
Voice and video traffic are sensitive to delay, jitter, packet loss, congestion, and inconsistent markings. A practical QoS design classifies traffic correctly, protects trusted markings, applies queuing at congestion points, validates Microsoft Teams or VoIP behavior, and documents evidence across switches, firewalls, WAN circuits, and endpoints.
Why it matters
Design QoS around real congestion points
QoS does not create bandwidth. It determines how traffic is treated when congestion occurs. Voice and video quality improves when traffic is marked consistently, trusted at the right boundary, queued correctly on WAN and wireless links, and monitored with real call-quality evidence.
A strong QoS configuration should identify applications, ports, DSCP markings, endpoints, voice VLANs, switch trust settings, firewall behavior, SD-WAN or WAN policies, ISP limitations, wireless prioritization, and call-quality metrics.
This guide supports network operations planning. It does not replace vendor documentation, Microsoft Teams guidance, Cisco or firewall platform design guides, carrier SLAs, or a professional network assessment.
Practical rule: QoS should be validated with packet captures and call-quality data, not assumed from a configuration screenshot.
Review scope
QoS design and review areas
Traffic classification
Identify voice, video, screen sharing, signaling, conferencing, contact center, and application flows.
DSCP marking
Validate endpoint markings, group policy, Teams policy, phone behavior, firewall remarking, and packet captures.
Trust boundary
Define where markings are trusted, rewritten, or dropped across access switches, uplinks, firewalls, and WAN.
Queue design
Configure priority queues, bandwidth classes, shaping, policing, and SD-WAN policies at congestion points.
Wireless and remote users
Review Wi-Fi multimedia handling, SSID design, roaming, VPN behavior, and home-user limitations.
Monitoring and validation
Use packet captures, call-quality dashboards, WAN graphs, jitter/loss metrics, and user reports.
Review matrix
QoS configuration review matrix
| Area | What to verify | Questions to answer | Evidence |
|---|---|---|---|
| Applications | Review voice, video, screen sharing, SIP, RTP, Teams, conferencing, contact center, and critical app flows. | Which traffic needs special treatment? | Application list, port ranges, traffic classes, site scope, and owner signoff. |
| Markings | Review DSCP values, endpoint policy, phone markings, Teams settings, firewall behavior, and packet captures. | Are packets marked correctly end to end? | Packet capture, endpoint policy, phone config, firewall policy, and DSCP test results. |
| Trust boundary | Review access switch trust, voice VLAN, uplinks, firewall remarking, wireless policy, and WAN handoff. | Where are markings trusted or rewritten? | Switch config, VLAN notes, firewall export, wireless QoS, and WAN policy. |
| Queuing | Review priority queues, bandwidth allocation, shaping, policing, SD-WAN classes, and ISP limitations. | What happens during congestion? | Queue policy, bandwidth model, WAN graphs, carrier notes, and test results. |
| Quality | Review jitter, latency, packet loss, MOS, Teams call quality, meeting-room complaints, and site patterns. | Is user experience improving? | Call-quality report, site trend, ticket history, and before/after metrics. |
| Operations | Review QoS standard, templates, change control, exceptions, monitoring, and recurring validation. | Can QoS remain consistent over time? | Standard document, change tickets, exception list, monitoring dashboard, and review calendar. |
Step-by-step review
QoS configuration for voice and video runbook
Identify real-time traffic
List voice, video, signaling, screen sharing, Teams, SIP/RTP, contact center, meeting room, and conferencing flows.
Define DSCP policy
Choose approved DSCP markings for voice, video, signaling, and sharing traffic based on vendor guidance and network standards.
Set trust boundaries
Decide where markings are trusted, rewritten, or stripped across endpoints, phones, access switches, firewalls, wireless, and WAN.
Configure queuing at congestion points
Apply priority queuing, class bandwidth, shaping, or SD-WAN policy where links can congest, especially WAN and internet edges.
Validate with packet captures
Capture traffic at endpoints, switches, firewall, and WAN edge to confirm DSCP markings survive the intended path.
Measure call quality
Review jitter, packet loss, latency, MOS, Teams call-quality data, trouble tickets, and site-specific complaints.
Document and monitor
Record standards, templates, exceptions, validation evidence, dashboards, change-control process, and review cadence.
Common risks
Common QoS configuration mistakes
QoS is configured only on switches
Voice and video quality often depends on WAN, firewall, SD-WAN, Wi-Fi, and endpoint behavior too.
Markings are not trusted
DSCP values may be stripped or rewritten if trust boundaries are not defined and validated.
No congestion point is identified
QoS matters most where traffic queues. Applying it in the wrong place may not improve calls.
All video is treated as voice
Voice, video, screen sharing, signaling, and business data may need different classes and bandwidth behavior.
ISP or VPN behavior is ignored
Some providers, internet paths, and VPN tunnels may not preserve or honor internal markings.
Validation relies on screenshots
Packet captures and call-quality data are needed to prove QoS behavior and user-experience improvement.
Related support
Where IT Perfection can help
IT Perfection can help design QoS policies, validate voice and video markings, troubleshoot call quality, and align switch, firewall, wireless, WAN, and Microsoft Teams settings.
OC Security Audit can help review network segmentation, firewall paths, monitoring evidence, and operational controls when voice and video systems affect security or compliance.
Created by Ali Hassani, CISO
Professional QoS design and voice/video troubleshooting support
Ali Hassani brings 25+ years of hands-on experience across IT operations, cybersecurity, Microsoft infrastructure, network security, compliance readiness, cloud services, healthcare IT, MSP services, and business technology leadership.
This guide is for initial education and planning. It does not replace a professional cybersecurity audit, compliance assessment, penetration test, legal review, vendor engineering review, or Microsoft professional services engagement.
QoS must be designed, validated, and monitored
A professional QoS program connects DSCP marking, trust boundaries, queuing, WAN behavior, Teams or VoIP evidence, and user-experience metrics.
FAQ
QoS configuration for voice and video FAQ
Does QoS increase bandwidth?
No. QoS prioritizes traffic during congestion; it does not create additional bandwidth or fix an undersized circuit by itself.
Where should QoS be applied?
Apply QoS at congestion points and preserve markings across endpoints, switches, firewalls, wireless, WAN, SD-WAN, and cloud paths where possible.
How do we prove QoS is working?
Use packet captures, DSCP validation, queue statistics, WAN graphs, call-quality reports, jitter, loss, latency, and before/after user-experience data.
Why do Teams calls still have issues after QoS?
Problems can come from Wi-Fi, endpoint CPU, home networks, VPN, internet loss, firewall inspection, ISP behavior, Microsoft service path, or insufficient bandwidth.