manualshive.com logo in svg

H3C WA2200 Series, Configuration Manual

The H3C WA2200 Series offers exceptional networking capabilities. Easily set up and configure this advanced product using our comprehensive configuration manual. Download the manual for free from manualshive.com and unleash the full potential of your H3C WA2200 Series device.

Share
Download
background image

 

4-9 

To do… 

Use the command… 

Remarks 

Create or edit a rule 

rule

 [ 

rule-id

 ] { 

deny

 | 

permit

 } 

protocol 

[ { { 

ack

 

ack-value

 | 

fin

 

fin-value

 | 

psh

 

psh-value

 | 

rst

 

rst-value

 | 

syn

 

syn-value

 | 

urg

 

urg-value

 } * 

established

 } | 

destination

 {

 dest dest-prefix | 

dest/dest-prefix | any 

} | 

destination-port 

operator port1

 [

 port2 

] | 

dscp

 

dscp | 

fragment

 | 

icmp6-type

 { 

icmp6-type

 

icmp6-code 

icmp6-message

 } |

 logging

 |

 

source

 {

 source source-prefix | 

source/source-prefix | any 

} | 

source-port 

operator port1

 [

 port2 

] |

 time-range

 

time-range-name

 ] * 

Required 

By default IPv6 advanced ACL does not 
contain any rule. 

To create or edit multiple rules, repeat 
this step.  

The 

logging 

keyword takes effect only 

when the module using the ACL 
supports logging. 

Configure or edit a 
rule description 

 

rule

 

rule-id comment

 

text

 

Optional 

By default, an IPv6 advanced ACL rule 
has no rule description.

 

 

Configuring an Ethernet Frame Header ACL 

Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocol 

header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), 

and link layer protocol type.  

Follow these steps to configure an Ethernet frame header ACL: 

To do… 

Use the command… 

Remarks 

Enter system view

 

system-view –– 

Create an Ethernet frame 
header ACL and enter its 
view

 

acl number

 

acl-number 

name 

acl-name

 ] [ 

match-order

 { 

auto 

config

 } ] 

Required 

By default, no ACL exists. 

Ethernet frame header ACLs are numbered 
in the range 4000 to 4999. 

You can use the 

acl

 

name

 

acl-name

 

command to enter the view of an existing 
named Ethernet frame header ACL.

 

Configure a description 
for the Ethernet frame 
header ACL 

description

 

text 

Optional 

By default, an Ethernet frame header ACL 
has no ACL description. 

Set the rule numbering 
step  

step

 

step-value 

Optional 

5 by default. 

Create or edit a rule

 

rule 

rule-id

 ] { 

deny

 | 

permit 

cos vlan-pri

 | 

dest-mac

 

dest-addr

 

dest-mask

 | { 

lsap lsap-type

 

lsap-type-mask

 | 

type

 

protocol-type

 

protocol-type-mask

 } 

source-mac

 

sour-addr

 

source-mask

 | 

time-range

 

time-range-name

 ] * 

Required 

By default, an Ethernet frame header ACL 
does not contain any rule. 

To create or edit multiple rules, repeat this 
step. 

Configure or edit a rule 
description 

 

rule

 

rule-id comment

 

text

 

Optional 

By default, an Ethernet frame header ACL 
rule has no rule description.

 

 

Summary of Contents for WA2200 Series

Page 1: ...H3C WA Series WLAN Access Points ACL and QoS Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Document Version 6W100 20100910 ...

Page 2: ...are Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of th...

Page 3: ...ribes the conventions used in this documentation set Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown italic Italic text represents arguments that you replace with actual values Square brackets enclose syntax choices keywords or arguments that are optional x y Braces enclose a set of required syntax choices separated b...

Page 4: ...cuments Purposes Marketing brochures Describe product specifications and benefits Product description and specifications Technology white papers Provide an in depth description of software features and technologies Compliance and safety manual Provides regulatory information and the safety instructions that must be followed during installation Quick start Guides you through initial installation an...

Page 5: ...ntation on the World Wide Web at http www h3c com Click the links on the top navigation bar to obtain different categories of product documentation Technical Support Documents Technical Documents Provides hardware installation software upgrading getting started and software feature configuration and maintenance documentation Products Solutions Provides information about products and technologies a...

Page 6: ...ced ACL 4 7 Configuring an Ethernet Frame Header ACL 4 9 Copying an ACL 4 10 Displaying and Maintaining ACLs 4 10 ACL Configuration Examples 4 10 IPv4 ACL Configuration Example 4 10 IPv6 ACL Configuration Example 4 12 5 QoS Overview 5 1 Introduction to QoS 5 1 Introduction to QoS Service Models 5 1 Best Effort Service Model 5 1 IntServ Service Model 5 2 DiffServ Service Model 5 2 QoS Techniques Ov...

Page 7: ...iority 7 3 Priority Mapping Overview 7 3 Introduction to Priority Mapping 7 3 Introduction to Priority Mapping Tables 7 4 Priority Mapping Configuration Task List 7 5 Configuring Priority Mapping 7 6 Configuring a Priority Mapping Table 7 6 Configuring a Port to Trust Packet Priority for Priority Mapping 7 6 Changing the Port Priority of an Interface 7 7 Displaying and Maintaining Priority Mapping...

Page 8: ...cess points include the WA2200 series and WA2600 series Table 1 1 shows the applicable models and software versions Table 1 1 Applicable models and software versions Series Model Software version WA2210 AG WA2200 series access points indoors WA2220 AG WA2210X G WA2200 series WA2200 series access points outdoors WA2220X AG R 1115 WA2610 AGN WA2612 AGN WA2600 series access points indoors WA2620 AGN ...

Page 9: ...S Not supported Supported 802 11n radio mode Not supported Supported 802 11n bandwidth mode Not supported Supported WLAN Configuration Guide 802 11n rate configuration Not supported Supported Optical Ethernet interface Supported on WA2210X G WA2220X AG only Not supported Layer 2 LAN Switching Configuration Guide GE interface Not supported Supported DHCP server configuration Not supported Supported...

Page 10: ... that support the 802 11b g radio mode support this command Only APs that support the 802 11b g radio mode support this command radio type Keywords dot11an and dot11gn not supported Supported WLAN service commands short gi enable Not supported Supported dot11a disabled rate mandatory rate supported rate rate value Only APs that support 802 11a radio mode support this command Only APs that support ...

Page 11: ...ching Command Reference The maximum number of unknown unicast packets allowed on an Ethernet interface per second unicast suppression ratio pps max pps pps max pps ranges from 1 to 148810 pps max pps ranges from 1 to 1488100 DHCP commands DHCP server configuration commands Not supported Supported display ipv6 dhcp client interface interface type interface number Not supported Supported display ipv...

Page 12: ...ime Range z Configuring a WLAN ACL z Configuring a Basic ACL z Configuring an Advanced ACL z Configuring an Ethernet Frame Header ACL z Copying an ACL z Displaying and Maintaining ACLs z ACL Configuration Examples Unless otherwise stated ACLs refer to both IPv4 and IPv6 ACLs throughout this document ACL Overview An access control list ACL is a set of rules or permit or deny statements for identify...

Page 13: ...s When creating an ACL you must assign it a number for identification and in addition you can also assign the ACL a name for the ease of identification After creating an ACL with a name you can neither rename it nor delete its name You cannot assign a name for a WLAN ACL For a WLAN and Ethernet frame header the ACL number and name must be globally unique For an IPv4 basic or advanced ACLs its ACL ...

Page 14: ... longer prefix means a narrower IP address range 2 Smaller ID IPv6 advanced ACL 1 Specific protocol type rather than IP IP represents any protocol over IPv6 2 Longer prefix for the source IPv6 address 3 Longer prefix for the destination IPv6 address 4 Narrower TCP UDP service port number range 5 Smaller ID Ethernet frame header ACL 1 More 1s in the source MAC address mask more 1s means a smaller M...

Page 15: ... rules numbered 5 10 13 15 and 20 changing the step from 5 to 2 causes the rules to be renumbered 0 2 4 6 and 8 Implementing Time Based ACL Rules You can implement ACL rules based on the time of day by applying a time range to them A time based ACL rule takes effect only in any time periods specified by the time range Two basic types of time range are available z Periodic time range which recurs p...

Page 16: ... To do Use the command Remarks Enter system view system view Create a time range time range time range name start time to end time days from time1 date1 to time2 date2 from time1 date1 to time2 date2 to time2 date2 Required By default no time range exists You may create time ranges identified with the same name They are regarded as one time range whose active period is the result of ORing periodic...

Page 17: ...Enter system view system view Create an IPv4 basic ACL and enter its view acl number acl number name acl name match order auto config Required By default no ACL exists IPv4 basic ACLs are numbered in the range 2000 to 2999 You can use the acl name acl name command to enter the view of an existing named IPv4 ACL Configure a description for the IPv4 basic ACL description text Optional By default an ...

Page 18: ... text Optional By default an IPv6 basic ACL rule has no rule description Configuring an Advanced ACL Configuring an IPv4 advanced ACL IPv4 advanced ACLs match packets based on source and destination IP addresses protocols over IP and other protocol header information such as TCP UDP source and destination port numbers TCP flags ICMP message types and ICMP message codes IPv4 advanced ACLs also allo...

Page 19: ... advanced ACL rule has no rule description Configuring an IPv6 Advanced ACL IPv6 advanced ACLs match packets based on the source IPv6 address destination IPv6 address protocol carried over IPv6 and other protocol header fields such as the TCP UDP source port number TCP UDP destination port number ICMP message type and ICMP message code Compared with IPv6 basic ACLs they allow of more flexible and ...

Page 20: ...2 1p priority VLAN priority and link layer protocol type Follow these steps to configure an Ethernet frame header ACL To do Use the command Remarks Enter system view system view Create an Ethernet frame header ACL and enter its view acl number acl number name acl name match order auto config Required By default no ACL exists Ethernet frame header ACLs are numbered in the range 4000 to 4999 You can...

Page 21: ... generate a new one of the same category acl ipv6 copy source acl6 number name source acl6 name to dest acl6 number name dest acl6 name Required Displaying and Maintaining ACLs To do Use the command Remarks Display configuration and match statistics for one or all IPv4 ACLs display acl acl number all name acl name Available in any view Display configuration and match statistics for one or all IPv6...

Page 22: ... a rule to allow access from the President s office to the salary server AP acl adv 3000 rule 1 permit ip source 129 111 1 2 0 0 0 0 destination 129 110 1 2 0 0 0 0 AP acl adv 3000 quit Create an advanced IPv4 ACL numbered 3001 and enter its view AP acl number 3001 Create a rule to deny access from any other department to the salary server during working hours AP acl adv 3001 rule 1 deny ip source...

Page 23: ...ddress 4050 9000 to 4050 90FF AP acl6 basic 2000 rule 1 permit source 4050 9000 120 AP acl6 basic 2000 quit Create a basic IPv6 ACL numbered 2001 and enter its view AP acl ipv6 number 2001 Create a rule to deny access from other IPv6 addresses AP acl6 basic 2001 rule 1 deny source any AP acl6 basic 2001 quit 2 Apply the ACLs Apply ACL 2000 and ACL 2001 AP traffic classifier access1 AP classifier a...

Page 24: ...The contention for resources demands that QoS prioritize important traffic flows over trivial traffic flows When making a QoS scheme a network administrator must consider the characteristics of various applications to balance the interests of diversified users and fully utilize network resources The subsequent section describes some typical QoS service models and widely used mature QoS techniques ...

Page 25: ...h maintain resource state information for each flow The model is suitable for small sized or edge networks but not large sized networks for example the core layer of the Internet where billions of flows are present For more information about RSVP see MPLS TE in the MPLS Configuration Guide DiffServ Service Model The differentiated service DiffServ model is a multiple service model that can satisfy...

Page 26: ...eshold to prevent aggressive use of network resources You can apply traffic policing to both incoming and outgoing traffic of a port z Traffic shaping proactively adapts the output rate of traffic to the network resources available on the downstream AP to eliminate packet drops Traffic shaping usually applies to the outgoing traffic of a port z Congestion management provides a resource scheduling ...

Page 27: ... subsequent QoS actions 2 The QoS module takes various QoS actions on classified traffic as configured depending on the traffic processing phase and network status For example you may configure the QoS module to perform traffic policing for incoming traffic traffic shaping for outgoing traffic congestion avoidance before congestion occurs and congestion management when congestion occurs ...

Page 28: ...ach In policy approach you configure QoS service parameters by using QoS policies A QoS policy defines the shaping policing or other QoS actions to take on different classes of traffic It is a set of class behavior associations A class is a set of match criteria for identifying traffic It uses the AND or OR operator z If the operator is AND a packet must match all the criteria to match the class z...

Page 29: ...lass if it matches any of the criteria in the class Configure match criteria if match match criteria Required For more information see the if match command in QoS in the ACL and QoS Command Reference Defining a Traffic Behavior A traffic behavior is a set of QoS actions such as traffic filtering traffic policing and priority mapping to take on a class of traffic To define a traffic behavior first ...

Page 30: ...ply the QoS policy to an interface To do Use the command Remarks Enter system view system view Define a QoS policy and enter QoS policy view qos policy policy name Required Associate a class with a behavior in the QoS policy classifier tcl name behavior behavior name Required Repeat this step to create more class behavior associations Enter interface view interface interface type interface number ...

Page 31: ...y the configuration of one or all classes in one or all QoS policies and the associated behaviors of the classes display qos policy user defined policy name classifier tcl name Available in any view Display QoS policy configuration on the specified or all interfaces display qos policy interface interface type interface number inbound outbound Available in any view ...

Page 32: ...s shown in Figure 7 1 the ToS field of the IP header contains eight bits and the first three bits 0 to 2 represent IP precedence from 0 to 7 According to RFC 2474 the ToS field of the IP header is redefined as the differentiated services DS field where a DSCP value is represented by the first six bits 0 to 5 and is in the range 0 to 63 The remaining two bits 6 and 7 are reserved Table 7 1 Descript...

Page 33: ...0 cs6 56 111000 cs7 0 000000 be default 802 1p Priority 802 1p priority lies in the Layer 2 header and is applicable to occasions where Layer 3 header analysis is not needed and QoS must be assured at Layer 2 Figure 7 2 An Ethernet frame with an 802 1Q tag header As shown in Figure 7 2 the 4 byte 802 1Q tag header consists of the tag protocol identifier TPID two bytes in length whose value is 0x81...

Page 34: ... 3 011 excellent effort 4 100 controlled load 5 101 video 6 110 voice 7 111 network management 802 11e Priority To provide QoS services on WLAN the 802 11e standard was developed IEEE 802 11e is a MAC layer enhancement to IEEE 802 11 IEEE 802 11e adds a 2 byte QoS Control field to the 802 11e MAC frame header Three bits of the QoS control field represents the 802 11e priority which ranges from 0 t...

Page 35: ...02 11e to local priority mapping table z dot1p lp 802 1p to local priority mapping table z dscp lp DSCP to local priority mapping table which applies to only IP packets z lp dot11e Local to 802 11e priority mapping table z lp dot1p Local to 802 1p priority mapping table z lp dscp Local to DSCP priority mapping table Table 7 4 through Table 7 7 list the default priority mapping tables Table 7 4 The...

Page 36: ...priority mapping in two approaches z Configuring priority trust mode In this approach you can configure a port to look up the priority mapping tables based on a certain priority such as 802 1p carried in incoming packets If no packet priority is trusted the port priority of the incoming port is used z Changing port priority By default all ports are assigned the port priority of zero By changing th...

Page 37: ...p lp lp dot11e lp dot1p lp dscp Optional Available in any view Configuring a Port to Trust Packet Priority for Priority Mapping You can configure the AP to trust a particular priority field carried in packets for priority mapping on ports or globally When configuring the priority trust mode for a port you can select the following keywords z dot11e Uses the 802 11e priority of the received packets ...

Page 38: ...y Mapping To do Use the command Remarks Display priority mapping table configuration information display qos map table dot11e lp dot1p lp lp dot11e lp dot1p Available in any view Display the priority trust mode and port priority of the specified interface or all interfaces display qos trust interface interface type interface number Available in any view Priority Mapping Configuration Example Netwo...

Page 39: ...Ethernet1 0 1 quit Switch 2 Configure the AP Enter system view AP system view Configure a WLAN network for each of the two departments with the SSID being PART1 and PART2 respectively Bind the two WLAN networks to WLAN BSS 1 and WLAN BSS 2 respectively AP wlan service template 1 clear AP wlan st 1 ssid PART1 AP wlan st 1 service template enable AP wlan st 1 quit Create interface WLAN BSS1 and conf...

Page 40: ...apping and configure port Ethernet 1 0 1 as a trunk port AP interface ethernet 1 0 1 AP Ethernet1 0 1 qos trust dot1p AP Ethernet1 0 1 port link type trunk Assign port Ethernet 1 0 1 to VLAN 1 through VLAN 3 AP Ethernet1 0 1 port trunk permit vlan 1 to 3 AP Ethernet1 0 1 quit With these configurations completed when you copy files to Host A and Host B or load files to Host A and Host B through the...

Page 41: ...ntaining ACLs 4 10 Displaying and Maintaining Priority Mapping 7 7 Displaying and Maintaining QoS Policies 6 3 I Introduction to Packet Precedences 7 1 Introduction to QoS Service Models 5 1 Introduction to QoS 5 1 P Priority Mapping Configuration Example 7 7 Priority Mapping Configuration Task List 7 5 Priority Mapping Overview7 3 Q QoS Configuration Approach Overview 6 1 QoS Techniques Overview ...

Reviews:

No comments

Related manuals for WA2200 Series

3Com 3CRWE51196 - OfficeConnect Wireless Cable/DSL... Supplementary Manual preview
3CRWE51196 - OfficeConnect Wireless Cable/DSL...
Brand: 3Com Pages: 6
H3C MSR900-E Routers Installation, Quick Start preview
MSR900-E Routers
Brand: H3C Pages: 2
Emka Electronics 3000-U981-02 User Manual preview
3000-U981-02
Brand: Emka Electronics Pages: 7
GSD WC5FM2601F User Manual preview
WC5FM2601F
Brand: GSD Pages: 5
Zte Unite User Manual preview
Unite
Brand: Zte Pages: 29
Spectrum 24 AP-4111 DS Product Reference Manual preview
AP-4111 DS
Brand: Spectrum 24 Pages: 142
Ebyte E22-900T30S1C User Manual preview
E22-900T30S1C
Brand: Ebyte Pages: 27
Sugar JW-MRD-6001 Quick Start Manual preview
JW-MRD-6001
Brand: Sugar Pages: 6
Zoomnet Bgate-GT10-I User Manual preview
Bgate-GT10-I
Brand: Zoomnet Pages: 31
Zoomnet Bgate-GT10-D24-N22-P User Manual preview
Bgate-GT10-D24-N22-P
Brand: Zoomnet Pages: 31
3Com 3CRWX385075A - Wireless LAN Managed Access Point 3850 Quick Installation Manual preview
3CRWX385075A - Wireless LAN Managed Access Point 3850
Brand: 3Com Pages: 20
Zte SD6200 User Manual And Safety Information preview
SD6200
Brand: Zte Pages: 36
Digitus Wireless Internet Broadband User Manual preview
Wireless Internet Broadband
Brand: Digitus Pages: 66
A7 Engineering EmbeddedBlue 500 User Manual preview
EmbeddedBlue 500
Brand: A7 Engineering Pages: 90
Mach Power WL-ICDBG24-073 User Manual preview
WL-ICDBG24-073
Brand: Mach Power Pages: 20
Netis WF2501 User Manual preview
WF2501
Brand: Netis Pages: 62
Hama 53331 Instruction Manual preview
53331
Brand: Hama Pages: 34
D-Link DSL-2750E How To Set Up preview
DSL-2750E
Brand: D-Link Pages: 4

Brands by name

Popular brands

Load more brands