236
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring and Managing Security ACLs
Class of Service
Class-of-service (CoS) assignment determines the priority treatment of packets transmitted
by a DWS-1008 switch, corresponding to a forwarding queue on the AP. The table below
shows the results of CoS priorities you assign in security ACLs.
Class-of-Service (CoS) Packet Handling
WMM Priority Desired
CLI CoS
Value to
Enter
Background
1
or
2
Best effort
0
or
3
Video
4
or
5
Voice
6
or
7
AP forwarding prioritization occurs automatically for Wi-Fi Multimedia (WMM) traffic. You do
not need to configure ACLs to provide WMM prioritization. For non-WMM devices, you can
provide AP forwarding prioritization by configuring ACLs.
If you disable WMM, AP forwarding prioritization is optimized for SpectraLink Voice Priority
(SVP) instead of WMM, and the AP does not tag packets it sends to the switch.
If you plan to use SVP or another non-WMM type of prioritization, you must configure ACLs
to tag the packets.
Optionally, for WMM or non-WMM traffic, you can use ACLs to change the priority of traffic
sent to an AP or VLAN.
Setting an ICMP ACL
With the following command, you can use security ACLs to set Internet Control Message
Protocol (ICMP) parameters for the
ping
command:
set security acl ip
acl-name
{
permit
[
cos
cos
] |
deny
}
icmp
{
source-ip-addr
mask
destination-ip-addr mask
} [
type
icmp-type
] [
code
icmp-code
] [
precedence
precedence
] [
tos
tos
] [
before
editbuffer-index
|
modify
editbuffer-index
] [
hits
]
An ICMP ACL can filter packets by source and destination IP address, TOS level, precedence,
ICMP type, and ICMP code. For example, the following command permits all ICMP packets
coming from 192.168.1.3 and going to 192.168.1.4 that also meet the following conditions:
• ICMP type is 11 (Time Exceeded).
• ICMP code is 0 (Time to Live Exceeded).
• Type-of-service level is 12 (minimum delay plus maximum throughput).
• Precedence is 7 (network control).
DWS-1008#
set security acl ip acl-3 permit icmp 192.168.1.3 0.0.0.0 192.168.1.4 0.0.0.0
type 11 code 0 precedence 7 tos 12 before 1 hits
Summary of Contents for DWS-1008
Page 1: ......