3Com WX2200 3CRWX220095A Switch User Manual


 
408 CHAPTER 19: CONFIGURING AND MANAGING SECURITY ACLS
WX1200# set security acl ip SVP permit cos 7 119 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
WX1200# set security acl ip SVP permit 0.0.0.0 255.255.255.255
WX1200# set security acl map SVP vlan v1 in
WX1200# set security acl map SVP vlan v1 out
WX1200# commit security acl SVP
The first ACE is needed only if the active-scan feature is enabled in the
radio profile. The ACE ensures that active-scan reduces its off-channel
time in the presence of FTP traffic from the TFTP server, by setting the CoS
of the server traffic to 7. This ACE gives CoS 7 to UDP traffic from TFTP
server 10.2.4.69 to any IP address, to or from any UDP port other than 0.
(For more information, see “RF Detection Scans” on page 571.)
The second ACE sets CoS to 7 for all SVP traffic.
The third ACE matches on all traffic that does not match on either of the
previous ACEs.
Reason the ACL Needs To Be Mapped to Both Traffic Directions
If the ACL is not also mapped to the inbound direction on the voice VLAN,
CoS will not be marked in the traffic if the path to the SVP handset is over
a tunnel. MSS does not support mapping an ACL to a tunneled VLAN.
When configured in a Mobility Domain, WX switches dynamically create
tunnels to bridge clients to non-local VLANs. A non-local VLAN is a VLAN
that is not configured on the WX that is forwarding the client's traffic. MSS
does not support mapping an ACL to a non-local VLAN. The CLI accepts the
configuration command but the command is not saved in the configuration.
Consider switch-1 with VLAN_A and switch-2 with VLAN_B. If a handset
connected to switch-2 is placed in VLAN_A, a tunnel is created between
switch-1 and switch-2. If an ACL is mapped to VLAN_A-out on switch-1,
it will affect local clients but not clients using the same VLAN on switch-2.
Also, if an ACL is mapped to VLAN_A-in on switch-1, it will affect remote
clients on switch-2, but not local clients. 3Com recommends mapping
ACLs both vlan-in and vlan-out to ensure proper CoS marking in both
directions.
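
As an added example (not from the 3Com manual), the Python script below checks a saved or pasted configuration for ACLs mapped to a VLAN in only one direction, which is the condition the recommendation above guards against. It assumes the `set security acl map <acl> vlan <vlan> in|out` command form shown on this page; the function names and the VOICE2/v2 sample mapping are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the mapping command form shown on this page, with or without a CLI prompt.
MAP_RE = re.compile(
    r"^(?:\S+#\s*)?set\s+security\s+acl\s+map\s+(\S+)\s+vlan\s+(\S+)\s+(in|out)\s*$"
)

def vlan_acl_directions(config_text):
    """Return {(acl, vlan): {"in", "out"}} for every ACL-to-VLAN mapping found."""
    seen = defaultdict(set)
    for line in config_text.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            acl, vlan, direction = m.groups()
            seen[(acl, vlan)].add(direction)
    return dict(seen)

def one_way_mappings(config_text):
    """List (acl, vlan, missing_direction) for mappings present in only one direction."""
    findings = []
    for (acl, vlan), dirs in sorted(vlan_acl_directions(config_text).items()):
        for missing in sorted({"in", "out"} - dirs):
            findings.append((acl, vlan, missing))
    return findings

# Constructed sample: SVP is mapped as on this page; VOICE2/v2 is a made-up
# one-direction mapping included to show what the check reports.
SAMPLE = """\
WX1200# set security acl map SVP vlan v1 in
WX1200# set security acl map SVP vlan v1 out
WX1200# set security acl map VOICE2 vlan v2 out
"""

if __name__ == "__main__":
    for acl, vlan, missing in one_way_mappings(SAMPLE):
        print(f"ACL {acl} on VLAN {vlan}: not mapped '{missing}'")
```

Run it against the configuration of each WX switch in the Mobility Domain, since a mapping on one switch does not apply on another.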