Client Quality of Service
ACL
Cisco Small Business WAP371 Wireless Access Point Administration Guide
105
7
When you select Deny, the rule blocks all traffic that meets the rule criteria from
entering or exiting the WAP device (depending on the ACL direction you select). Traffic
that does not meet the criteria is forwarded unless this rule is the final rule. Because
there is an implicit deny all rule at the end of every ACL, traffic that is not explicitly
permitted is dropped.
•
Match Every Packet—If selected, the rule, which either has a permit or deny action,
matches the frame or packet regardless of its contents.
If you select this field, you cannot configure any additional match criteria. The Match
Every Packet option is selected by default for a new rule. You must clear the option to
configure other match fields.
For IPv4 ACLs, configure these parameters:
•
Protocol—The Protocol field to use an Layer 3 or Layer 4 protocol match condition
based on the value of the IP Protocol field in IPv4 packets or the Next Header field in
IPv6 packets.
If you select Protocol, select one of these options:
-
Select From List—Select one of these protocols: IP, ICMP, IGMP, TCP, or UDP.
-
Match to Value—Enter a standard IANA-assigned protocol ID from
0 to 255. Choose this method to identify a protocol not listed by name in the Select
From List.
•
Source IP Address—Requires a packet's source IP address to match the address listed
here. Enter an IP address in the appropriate field to apply this criteria.
•
Wild Card Mask—The source IP address wildcard mask.
The wildcard mask determines which bits are used and which bits are ignored. A
wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard of
0.0.0.0 indicates that all bits are important. This field is required when Source IP
Address is checked.
A wildcard mask is basically the inverse of a subnet mask. For example, to match the
criteria to a single host address, use a wildcard mask of 0.0.0.0. To match the criteria to
a 24-bit subnet (for example, 192.168.10.0/24), use a wildcard mask of 0.0.0.255.
•
Source Port—Includes a source port in the match condition for the rule. The source port
is identified in the datagram header.
If you select Source Port, choose the port name or enter the port number.
-
Select From List—The keyword associated with the source port to match: ftp,
ftpdata, http, smtp, snmp, telnet, tftp, www.