Nortel 2350 用户指南

Configuring and managing security ACLs 433

Nortel WLAN—Security Switch 2300 Series Configuration Guide

You can configure an ACE to filter based on a packet’s Differentiated Services Code Point (DSCP) value, and 
change the packet’s CoS based on the DSCP value. A CoS setting marked by an ACE overrides the CoS 
setting applied from the switch’s QoS map. 

 lists the CoS values to use when reassigning traffic to a different priority. The CoS determines the AP 

forwarding queue to use for the traffic when sending it to a wireless client. 

The easiest way to filter based on DSCP is to use the dscp codepoint option. The following commands remap 
IP packets from IP address 10.10.50.2 that have DSCP value 46 to have CoS value 7 when they are forwarded 
to any 10.10.90.x address on Distributed AP 4:

success: change accepted.

WSS# set security acl ip acl2 permit any
success: change accepted.

WSS# commit security acl acl2
success: change accepted.

WSS# set security acl map acl2 ap 4 out
success: change accepted.

You also can indirectly filter on DSCP by filtering on both the IP precedence and IP ToS values of a packet. 
However, this method requires two ACEs. To use this method, specify the combination of precedence and ToS 
values that is equivalent to the DSCP value. For example, to filter based on DSCP value 46, configure an ACL 
that filters based on precedence 5 and ToS 12. (To display a table of the precedence and ToS combinations for 
each DSCP value, use the show qos dscp-table command.)

Background

1 or 2

Best effort

0 or 3

Video

4 or 5 

Voice

6 or 7