Table of Contents
Advertisement
236
C
11: C
HAPTER
ONFIGURING AND
Setting an ICMP ACL
M
S
ANAGING
ECURITY
Table 22 Class-of-Service (CoS) Packet Handling
Packet Priority
CLI CoS Value
Desired
to Enter
Background
1 or 2
Best effort
0 or 3
Video
4 or 5
Voice
6 or 7
Use Cos class 6 or 7 only for VoIP phones that use SpectraLink Voice
Priority (SVP), not for other types of traffic. For other types of VoIP
phones, use Cos class 4 or 5. Permitted packets are assigned to CoS
class 0 by default.
(For more information about configuring for voice traffic, see "Enabling
Prioritization for Voice over IP" on page 250.)
With the following command, you can use security ACLs to set Internet
Control Message Protocol (ICMP) parameters for the ping command:
set security acl ip acl-name {permit [cos cos] | deny}
icmp {source-ip-addr mask
[type icmp-type] [code icmp-code] [precedence precedence]
[tos tos] [before editbuffer-index | modify editbuffer-index]
[hits]
An ICMP ACL can filter packets by source and destination IP address, TOS
level, precedence, ICMP type, and ICMP code. For example, the following
command permits all ICMP packets coming from 192.168.1.3 and going
to 192.168.1.4 that also meet the following conditions:
ICMP type is 11 (Time Exceeded).
ICMP code is 0 (Time to Live Exceeded).
Type-of-service level is 12 (minimum delay plus maximum
throughput).
Precedence is 7 (network control).
WX1200# set security acl ip acl-3 permit icmp 192.168.1.3
0.0.0.0 192.168.1.4 0.0.0.0 type 11 code 0 precedence 7
tos 12 before 1 hits
ACL
S
MAP CoS Queue
Assigned
4
3
2
1
destination-ip-addr mask}
Advertisement
Table of Contents
