DWS-1008 User’s Manual
D-Link Systems, Inc.
Conguring and Managing Security ACLs
DWS-1008# set security acl map acl1 dap 2 out
success: change accepted.
The default action on an interface and traffic direction that has at least one access control
entry (ACE) configured is to deny all traffic that does not match an ACE on that interface and
traffic direction. The permit 0.0.0.0 255.255.255.255 ACE ensures that traffic that does not
match the first ACE is permitted. Without this additional ACE at the end, traffic that does not
match the other ACE is dropped.
Filtering Based on DSCP Values
To lter based on a Differentiated Services Code Point (DSCP) value, specify the combination
of precedence and ToS values that is equivalent to the DSCP value. For example, to lter
based on DSCP value 46, congure an ACL that lters based on precedence 5 and ToS 12.
(To display a table of the precedence and ToS combinations for each DSCP value, use the
show security acl dscp command.)
The following commands remap IP packets from IP address 10.10.50.2 that have DSCP
value 46 (equivalent to precedence value 5 and ToS value 12), to have CoS value 7 when
they are forwarded to any 10.10.90.x address on Distributed AP 4:
DWS-1008# set security acl ip acl2 permit cos 7 ip 10.10.50.2 0.0.0.0 10.10.90.0 0.0.0.255 precedence 5 tos 12
success: change accepted.
DWS-1008# set security acl ip acl2 permit cos 7 ip 10.10.50.2 0.0.0.0 10.10.90.0 0.0.0.255 precedence 5 tos 13
success: change accepted.
DWS-1008# set security acl ip acl2 permit 0.0.0.0 255.255.255.255
success: change accepted.
DWS-1008# commit security acl acl2
success: change accepted.
DWS-1008# set security acl map acl2 dap 4 out
success: change accepted.
The ACL contains two ACEs. The first ACE matches on precedence 5 and ToS 12. The
second ACE matches on precedence 5 and ToS 13. The IP precedence and ToS fields use 7
bits, while the DSCP field uses only 6 bits. Following the DSCP field is a 2-bit ECN field that
can be set by other devices based on network congestion. The second ACE is required to
ensure that the ACL matches regardless of the value of the seventh bit.
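The bit arithmetic behind the two ACEs, as an added example that is not part of the D-Link manual. It assumes the usual ToS-byte layout (3-bit precedence, 4-bit ToS, 1 unused bit, with DSCP in the top 6 bits and ECN in the bottom 2); the function names are hypothetical, and the generated commands follow the syntax shown above.

```python
# Added example (not from the manual): derive the precedence/ToS pairs that an
# ACL needs in order to match one DSCP value for every possible ECN setting.
# Assumed ToS-byte layout: PPP TTTT x  (precedence, ToS, unused bit)
#                          DDDDDD EE   (DSCP, ECN) over the same 8 bits

def tos_field(byte):
    """4-bit ToS value that the ACE compares against."""
    return (byte >> 1) & 0x0F

def dscp_to_prec_tos(dscp):
    """Return (precedence, sorted ToS values) covering all four ECN values."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value (0-63)")
    precedence = dscp >> 3                       # top 3 bits of the DSCP
    tos_values = {tos_field((dscp << 2) | ecn) for ecn in range(4)}
    return precedence, sorted(tos_values)

def uncovered_ecn(dscp, tos_list):
    """ECN values (0-3) whose packets would miss an ACL using only tos_list."""
    return [ecn for ecn in range(4)
            if tos_field((dscp << 2) | ecn) not in tos_list]

def build_aces(acl, cos, src, src_mask, dst, dst_mask, dscp):
    """Build one 'set security acl ip' command per required ToS value."""
    prec, tos_values = dscp_to_prec_tos(dscp)
    return [
        f"set security acl ip {acl} permit cos {cos} ip {src} {src_mask} "
        f"{dst} {dst_mask} precedence {prec} tos {tos}"
        for tos in tos_values
    ]

if __name__ == "__main__":
    # Addresses and ACL name are the ones used in the manual's example.
    for cmd in build_aces("acl2", 7, "10.10.50.2", "0.0.0.0",
                          "10.10.90.0", "0.0.0.255", 46):
        print(cmd)
    # With only the ToS 12 ACE, packets marked by a congestion-aware device
    # (upper ECN bit set) fall through to the next ACE.
    print("ECN values missed by ToS 12 alone:", uncovered_ecn(46, [12]))
```

With a single ACE for ToS 12, DSCP 46 packets whose upper ECN bit is set are not remapped and instead hit whatever ACE follows, which is why the second ACE for ToS 13 is needed.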
Class-of-Service (CoS) Packet Handling lists the CoS values to use when reassigning traffic
to a different priority. The CoS determines the AP forwarding queue to use for the traffic when
sending it to a wireless client.
Class-of-Service (CoS) Packet Handling