3com WX2200 3CRWX220095A User Manual
Creating and Committing a Security ACL
383
MAP forwarding prioritization occurs automatically for Wi-Fi Multimedia
(WMM) traffic. You do not need to configure ACLs to provide WMM
prioritization. For non-WMM devices, you can provide MAP forwarding
prioritization by configuring ACLs.
(WMM) traffic. You do not need to configure ACLs to provide WMM
prioritization. For non-WMM devices, you can provide MAP forwarding
prioritization by configuring ACLs.
If you disable WMM, MAP forwarding prioritization is optimized for
SpectraLink Voice Priority (SVP) instead of WMM, and the MAP does not
tag packets it sends to the WX. Otherwise, the classification and tagging
described in “Displaying QoS Information” on page 345 remain in effect.
SpectraLink Voice Priority (SVP) instead of WMM, and the MAP does not
tag packets it sends to the WX. Otherwise, the classification and tagging
described in “Displaying QoS Information” on page 345 remain in effect.
If you plan to use SVP or another non-WMM type of prioritization, you
must configure ACLs to tag the packets. (See “Enabling Prioritization for
Legacy Voice over IP” on page 401.)
must configure ACLs to tag the packets. (See “Enabling Prioritization for
Legacy Voice over IP” on page 401.)
Optionally, for WMM or non-WMM traffic, you can use ACLs to change
the priority of traffic sent to a MAP or VLAN. (To change CoS for WMM or
non-WMM traffic, see “Using ACLs to Change CoS” on page 399.)
the priority of traffic sent to a MAP or VLAN. (To change CoS for WMM or
non-WMM traffic, see “Using ACLs to Change CoS” on page 399.)
Setting an ICMP ACL
With the following command, you can use security ACLs to set Internet
Control Message Protocol (ICMP) parameters for the ping command:
Control Message Protocol (ICMP) parameters for the ping command:
set security acl ip acl-name {permit [cos cos] | deny}
icmp {source-ip-addr mask | any} {destination-ip-addr mask|
any} [type icmp-type] [code icmp-code] [precedence
precedence] [tos tos] | [dscp codepoint]] [before
editbuffer-index | modify editbuffer-index] [hits]
icmp {source-ip-addr mask | any} {destination-ip-addr mask|
any} [type icmp-type] [code icmp-code] [precedence
precedence] [tos tos] | [dscp codepoint]] [before
editbuffer-index | modify editbuffer-index] [hits]
An ICMP ACL can filter packets by source and destination IP address, TOS
level, precedence, ICMP type, and ICMP code. For example, the following
command permits all ICMP packets coming from 192.168.1.3 and going
to 192.168.1.4 that also meet the following conditions:
level, precedence, ICMP type, and ICMP code. For example, the following
command permits all ICMP packets coming from 192.168.1.3 and going
to 192.168.1.4 that also meet the following conditions:
ICMP type is 11 (Time Exceeded).
ICMP code is 0 (Time to Live Exceeded).
Table 31 Class-of-Service (CoS) Packet Handling
Packet Priority Desired
CLI CoS Value to Enter
Background
1 or 2
Best effort
0 or 3
Video
4 or 5
Voice
6 or 7