Support User Manuals

Cisco Systems WAP321 Network Card User Manual

Open as PDF

of 179

Client Quality of Service

ACL

Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE 119

7

When you select Deny, the rule blocks all traffic that meets the rule criteria

from entering or exiting the WAP device (depending on the ACL direction

you select). Traffic that does not meet the criteria is forwarded unless this

rule is the final rule. Because there is an implicit deny all rule at the end of

every ACL, traffic that is not explicitly permitted is dropped.

• Match Every Packet—If selected, the rule, which either has a permit or deny

action, matches the frame or packet regardless of its contents.

If you select this field, you cannot configure any additional match criteria. The

Match Every Packet option is selected by default for a new rule. You must

clear the option to configure other match fields.

For IPv4 ACLs, configure these parameters:

• Protocol—The Protocol field to use an Layer 3 or Layer 4 protocol match

condition based on the value of the IP Protocol field in IPv4 packets or the

Next Header field in IPv6 packets.

If you select Protocol, select one of these options:

- Select From List—Select one of these protocols: IP, ICMP, IGMP, TCP, or

UDP.

- Match to Value—Enter a standard IANA-assigned protocol ID from

0 to 255. Choose this method to identify a protocol not listed by name in

the Select From List.

• Source IP Address—Requires a packet's source IP address to match the

address listed here. Enter an IP address in the appropriate field to apply this

criteria.

• Wild Card Mask—The source IP address wildcard mask.

The wildcard mask determines which bits are used and which bits are

ignored. A wildcard mask of 255.255.255.255 indicates that no bit is

important. A wildcard of 0.0.0.0 indicates that all bits are important. This field

is required when Source IP Address is checked.

A wildcard mask is basically the inverse of a subnet mask. For example, to

match the criteria to a single host address, use a wildcard mask of 0.0.0.0. To

match the criteria to a 24-bit subnet (for example, 192.168.10.0/24), use a

wildcard mask of 0.0.0.255.

• Source Port—Includes a source port in the match condition for the rule. The

source port is identified in the datagram header.

If you select Source Port, choose the port name or enter the port number.

previous next