Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

301

302

303

304

305

306

307

308

309

310

Creating and Committing a Security ACL

15-6 Configuring and Managing Security ACLs

APforwardingprioritizationoccursautomaticallyforWi‐FiMultimedia(WMM)traffi c.Youdo

notneedtoconfigureACLstoprovideWMMprioritization.Fornon‐WMMdevices,youcan

provideAPforwarding prioritizationbyconfiguringACLs.

IfyoudisableWMM,APforwardingprioritizat ion isoptimizedforSpectraLinkVoicePriority

(SVP)insteadof

WMM,andtheAPdoesnottagpacketsitsendstotheRAS.Otherwise,the

classificationandtaggingdescribedin“QoSMode”onpage 12‐3remainineffect.

IfyouplantouseSVPoranothernon‐WMMtypeofprioritization,youmustconfigureACLsto

tagthepackets.

(See“EnablingPrioritizationforLegacyVoiceoverIP”onpage 15‐23.)

Optionally,forWMMornon‐WMMtraffic,youcanuseACLstochange thepriorityoftrafficsent

toanAPorVLAN.(TochangeCoSfor WMMornon‐WMMtraffi c,see“UsingACLstoChange

CoS”

onpage 15‐20.)

Setting an ICMP ACL

Withthefollowingcommand,youcanusesecurityACLstosetInternetControlMessageProtocol

(ICMP)parametersforthepingcommand:

set security acl ip acl-name {permit [cos cos] | deny} icmp {source-ip-addr mask

destination-ip-addr mask} [type icmp-type] [code icmp-code] [precedence

precedence] [tos tos] [before editbuffer-index | modify editbuffer-index] [hits]

AnICMPACLcanfilterpacketsbysourceanddestinationIPaddress,TOSlevel,precedence,

ICMPtype,andICMPcode.

Example

ThefollowingcommandpermitsallICMPpacketscomingfrom192.168.1.3andgoingto

192.168.1.4thatalsomeetthefollowingconditions:

•ICMPtypeis11(TimeExceeded).

•ICMPcodeis0(TimetoLiveExceeded).

•Type‐of‐servicelevelis12(minimumdelayplusmaximumthroughput).

•Precedenceis7(networkcontrol).

RBT-8100# set security acl ip acl-3 permit icmp 192.168.1.3 0.0.0.0 192.168.1.4

0.0.0.0 type 11 code 0 precedence 7 tos 12 before 1 hits

Thebefore1portionoftheACEplacesitbeforeanyothersintheACL,soithasprecedenceover

anylaterACEsforanyparametersettingsthataremet.

FormoreinformationaboutchangingtheorderofACEsorotherwisemodifyingsecurityACLs,

see“ModifyingaSecurityACL”on

page 15‐16.ForinformationaboutTOSandprecedencelevels,

seetheRoamAboutMobilitySystemSoftwareCommandLineInterfaceReference.ForCoSdetails,see 

“ClassofService”onpage 15‐5.

ICMPincludesmanymessagesthatareidentifiedbyatypefield.Somealsohaveacodewithin

thattype.Table 15‐

3onpage 15‐7listssomecommonICMPtypesandcodes.Formore

information,seewww.iana.org/assignments/icmp‐parameters.