Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

321

322

323

324

325

326

327

328

329

330

Restricting Client-To-Client Forwarding Among IP-Only Clients

15-28 Configuring and Managing Security ACLs

Example

ThefollowingcommandsconfigureanACEtoprioritize SVPtrafficandmaptheACEtothe 

outbounddirectionofthevoiceVLAN:

RBT-8100# set security acl ip SVP permit cos 7 udp 10.2.4.69 255.255.255.255 gt 0

any gt 0

RBT-8100# set security acl ip SVP permit cos 7 119 0.0.0.0 255.255.255.255 0.0.0.0

255.255.255.255

RBT-8100# set security acl ip SVP permit 0.0.0.0 255.255.255.255

RBT-8100# set security acl map SVP vlan v1 in

RBT-8100# set security acl map SVP vlan v1 out

RBT-8100# commit security acl SVP

Setting 802.11b/g Radios to 802.11b (for Siemens SpectraLink VoIP Phones only)

IfyouplantouseSiemensSpectraLinkVoiceoverIP(VoIP)phones,youmustchangetheAP

radiosthatwillsupportthephonestooperatein802.11bmodeonly.Thistypeofphoneexpects

theAPtooperateat802.11bratesonly,notat802.11grates.Tochangearadioto

support802.11b

modeonly,usethe radiotype 11boptionwiththesetporttypeaporsetdapcommand.

Disabling RF Auto-Tuning Before Upgrading a SpectraLink Phone

IfyouplantoupgradeaSpectraLinkphoneusingTFTPoveranAP,EnterasysNetworks

recommendsthatyoudisableRFAuto‐Tuningbefore youbegin theupgrade.Thisfeaturecan

increasethelengthoftimerequiredfortheupgrade.YoucandisableRFAuto‐Tuningonaradio‐

profilebasis.

Example

Usethefollowingcommands:

RBT-8100# set radio-profile name auto-tune channel-config disable

RBT-8100# set radio-profile name auto-tune power-config disable

Restricting Client-To-Client Forwarding Among IP-Only Clients

YoucanuseanACLtorestrictclientsinaVLANfromcommunicatingdirectlyattheIPlayer.

ConfigureanACLthathasACEstopermittraffictoandfromthegatewayrouter,anACEthat

deniestrafficbetweenallotheraddresseswithinthesubnets,andanotherACEthatallowstraffic



thatdoesn’tmatchtheotherACEs.

Forexample,torestrictclient‐to‐clientforwardingwithinsubnet10.10.11.0/24inVLANvlan‐1

withgateway10.10.11.8,performthefollowingsteps:

1. ConfigureanACEthatpermitsalltrafficfromthegatewayIPaddresstoanyotherIPaddress:

set security acl ip c2c permit 10.10.11.8 0.0.0.0

2. ConfigureanACEthatpermitstrafficfromanyIPaddresstothegatewayIPaddress:

set security acl ip c2c permit ip 0.0.0.0 255.255.255.255 10.10.11.8 0.0.0.0

Note: AN ACL can restrict IP forwarding but not Layer 2 forwarding. To restrict Layer 2 forwarding,

see “Restricting Client-To-Client Forwarding Among IP-Only Clients” on page 15-28.