User`s manual

ManualsBrandsD-Link ManualsComputer equipmentDWL-8220AP - AirPremier Wireless Switch Dualband Access Point

241

242

243

244

245

246

247

248

249

250

236

DWS-1008 User’s Manual

D-Link Systems, Inc.

Conguring and Managing Security ACLs

Class of Service

Class-of-service (CoS) assignment determines the priority treatment of packets transmitted

by a DWS-1008 switch, corresponding to a forwarding queue on the AP. The table below

shows the results of CoS priorities you assign in security ACLs.

Class-of-Service (CoS) Packet Handling

WMM Priority Desired

CLI CoS

Value to

Enter

Background 1 or 2

Best effort 0 or 3

Video 4 or 5

Voice 6 or 7

AP forwarding prioritization occurs automatically for Wi-Fi Multimedia (WMM) trafc. You do

not need to congure ACLs to provide WMM prioritization. For non-WMM devices, you can

provide AP forwarding prioritization by conguring ACLs.

If you disable WMM, AP forwarding prioritization is optimized for SpectraLink Voice Priority

(SVP) instead of WMM, and the AP does not tag packets it sends to the switch.

If you plan to use SVP or another non-WMM type of prioritization, you must congure ACLs

to tag the packets.

Optionally, for WMM or non-WMM trafc, you can use ACLs to change the priority of trafc

sent to an AP or VLAN.

Setting an ICMP ACL

With the following command, you can use security ACLs to set Internet Control Message

Protocol (ICMP) parameters for the ping command:

set security acl ip acl-name {permit [cos cos] | deny} icmp {source-ip-addr

mask destination-ip-addr mask} [type icmp-type] [code icmp-code] [precedence

precedence] [tos tos] [before editbuffer-index | modify editbuffer-index] [hits]

An ICMP ACL can lter packets by source and destination IP address, TOS level, precedence,

ICMP type, and ICMP code. For example, the following command permits all ICMP packets

coming from 192.168.1.3 and going to 192.168.1.4 that also meet the following conditions:

• ICMP type is 11 (Time Exceeded).

• ICMP code is 0 (Time to Live Exceeded).

• Type-of-service level is 12 (minimum delay plus maximum throughput).

• Precedence is 7 (network control).

DWS-1008# set security acl ip acl-3 permit icmp 192.168.1.3 0.0.0.0 192.168.1.4 0.0.0.0

type 11 code 0 precedence 7 tos 12 before 1 hits