H3C WA2200 Series Configuration Manual

WLAN access points, ACL and QoS
H3C WA Series WLAN Access Points
ACL and QoS Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Document Version: 6W100-20100910

Summary of Contents for H3C WA2200 Series

  • Page 1 H3C WA Series WLAN Access Points ACL and QoS Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document Version: 6W100-20100910...
  • Page 2 SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.
  • Page 3 The H3C WA documentation set includes 10 configuration guides, which describe the software features for the H3C WA series WLAN access points and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply the software features to different network scenarios.
  • Page 4 Means an action or information that needs special attention to ensure successful configuration or good performance. Means a complementary description. Means techniques helpful for you to make configuration with ease. About the H3C WA Documentation Set The H3C WA documentation set includes: Category Documents...
  • Page 5 Obtaining Documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support &...
  • Page 6: Table Of Contents

    Table of Contents
    1 Applicable Models and Software Versions
    2 Feature Matrix
    3 Command/Parameter Matrix
    4 ACL Configuration
      ACL Overview
        ACL Categories
        ACL Numbering and Naming
        Match Order
        ACL Rule Numbering
        Implementing Time-Based ACL Rules
        IPv4 Fragments Filtering with ACLs
      ACL Configuration Task List
      Configuring an ACL...
  • Page 7
        Defining a QoS Policy and Applying the QoS Policy to an Interface
      Displaying and Maintaining QoS Policies
    7 Priority Mapping Configuration
      Introduction to Packet Precedences
        IP Precedence and DSCP Values
        802.1p Priority
        802.11e Priority
      Priority Mapping Overview
        Introduction to Priority Mapping
        Introduction to Priority Mapping Tables
      Priority Mapping Configuration Task List...
  • Page 8: Applicable Models And Software Versions

    Read this chapter before using an H3C WA series WLAN access point. Applicable Models and Software Versions H3C WA series WLAN access points include the WA2200 series and WA2600 series. Table 1-1 shows the applicable models and software versions.
  • Page 9: Feature Matrix

    Feature Matrix Support of the H3C WA series WLAN access points for features, commands and parameters may vary by device model. See this document for more information. For information about feature support, see Table 2-1. For information about command and...
  • Page 10: Command/Parameter Matrix

    Command/Parameter Matrix Table 3-1 Command/Parameter matrix Document Module Command/Parameter WA2200 series WA2600 series display ip https Not supported Supported ip https acl Not supported Supported Fundamentals Command HTTP commands ip https certificate Not supported Supported Reference access-control-policy ip https enable...
  • Page 11 Document Module Command/Parameter WA2200 series WA2600 series The maximum number of broadcast packets pps max-pps pps max-pps broadcast-suppression that can be ranges from 1 to ranges from 1 to { ratio | pps max-pps } forwarded on an 148810. 1488100.
  • Page 12: ACL Configuration

    The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region. Support of the H3C WA series WLAN access points (APs) for features may vary by AP model. For more information, see Feature Matrix.
  • Page 13: ACL Categories

    ACL Categories ACL Numbering and Naming Match Order ACL Rule Numbering Implementing Time-Based ACL Rules IPv4 Fragments Filtering with ACLs ACL Categories ACLs fall into four categories, as shown in Table 4-1. Table 4-1 ACL categories Category ACL number IP version Match criteria WLAN ACLs 100 to 199...
  • Page 14 auto – Sorts ACL rules in depth-first order. Depth-first ordering ensures that any subset of a rule is always matched before the rule. Table 4-2 lists the sequence of tie breakers that depth-first ordering uses to sort rules for each type of ACL. The match order of WLAN ACLs can only be config.
  • Page 15: ACL Rule Numbering

    Traditional packet filtering matches only first fragments of IPv4 packets, and allows all subsequent non-first fragments to pass through. Attackers can fabricate non-first fragments to attack networks. To avoid the risks, the H3C ACL implementation: Filters all fragments by default, including non-first fragments.
  • Page 16: Configuring An ACL

    Task (Remarks):
    Creating a Time Range (Optional)
    Configuring a WLAN ACL, Configuring an IPv4 basic ACL, Configuring an IPv4 advanced ACL, Configuring an Ethernet Frame Header ACL (Required. Configure at least one task.)
    Copying an IPv4 ACL (Optional)
    IPv6 ACL configuration task list
    Complete the following tasks to configure an IPv6 ACL: Task Remarks...
  • Page 17: Configuring A Basic ACL

    To do… Use the command… Remarks Required Create a WLAN ACL and acl number acl-number By default, no ACL exists. enter its view WLAN ACLs are numbered in the range 100 to 199. Optional Configure a description description text for the WLAN ACL By default, a WLAN ACL has no ACL description.
  • Page 18: Configuring An Advanced ACL

    To do… Use the command… Remarks Enter system view system-view –– Required By default, no ACL exists. Create an IPv6 basic acl ipv6 number acl6-number IPv6 basic ACLs are numbered in the range 2000 ACL view and enter its [ name acl6-name ] to 2999.
  • Page 19 To do… Use the command… Remarks Optional Set the rule numbering step step-value step 5 by default. rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg Required urg-value } * | established } |...
  • Page 20: Configuring An Ethernet Frame Header ACL

    To do… Use the command… Remarks rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh Required psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | By default IPv6 advanced ACL does not destination { dest dest-prefix | contain any rule.
  • Page 21: Copying An ACL

    Copying an ACL You can create an ACL by copying an existing ACL. The new ACL has the same properties and content as the source ACL except the ACL number and name. To successfully copy an ACL, ensure that: The destination ACL number is from the same category as the source ACL number. The source ACL already exists but the destination ACL does not.
  • Page 22 Permit access from the President’s office at any time to the salary server of the Financial department. Deny access from any other department to the salary server during working hours (from 8:00 to 18:00) on working days. Figure 4-1 Network diagram for ACL configuration. Configuration Procedure: Create a time range for office hours. # Create a periodic time range from 8:00 to 18:00 on working days.
  • Page 23: IPv6 ACL Configuration Example

    [AP-behavior-access2] filter deny
    [AP-behavior-access2] qos policy access
    [AP-qospolicy-access] classifier access1 behavior access1
    [AP-qospolicy-access] classifier access2 behavior access2
    [AP-qospolicy-access] interface wlan-bss1
    [AP-WLAN-BSS1] qos apply policy access inbound
    IPv6 ACL Configuration Example
    Network Requirements
    Perform packet filtering in the inbound direction of interface WLAN-BSS 1 to deny all IPv6 packets but those with source addresses in the range 4050::9000 to 4050::90FF.
  • Page 24: QoS Overview

    The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region. Support of the H3C WA series WLAN access points (APs) for features may vary by AP model. For more information, see Feature Matrix.
  • Page 25: QoS Techniques Overview

    IntServ Service Model The integrated service (IntServ) model is a multiple-service model that can accommodate diverse QoS requirements. It provides the most granularly differentiated QoS by identifying and guaranteeing definite QoS for each data flow. In the IntServ model, an application must request service from the network before it sends data. IntServ signals the service request with the Resource Reservation Protocol (RSVP).
  • Page 26: Applying QoS Techniques In A Network

    Applying QoS Techniques in a Network Figure 5-1 Positions of the QoS techniques in a network As shown in Figure 5-1, traffic classification, traffic shaping, traffic policing, congestion management, and congestion avoidance mainly implement the following functions: Traffic classification uses certain match criteria to assign packets with the same characteristics to a class.
  • Page 27: QoS Processing Flow In An

    QoS Processing Flow in an AP Figure 5-2 QoS processing flow Figure 5-2 briefly describes how the QoS module processes traffic: Traffic classifier identifies and classifies traffic for subsequent QoS actions. The QoS module takes various QoS actions on classified traffic as configured, depending on the traffic processing phase and network status.
  • Page 28: QoS Policy Configuration

    QoS Policy Configuration This chapter includes these sections: QoS Configuration Approach Overview, Configuring a QoS Policy, Displaying and Maintaining QoS Policies. QoS Configuration Approach Overview Two approaches are available for configuring QoS: Non-Policy Approach and Policy Approach. Some features support both approaches, but some support only one. Non-Policy Approach In the non-policy approach, you configure QoS service parameters directly without using a QoS policy.
  • Page 29: Defining A Class

    Figure 6-1 QoS policy configuration procedure: Define a class, define a traffic behavior, define a policy, apply the policy to an interface. Defining a Class To define a class, specify its name and then configure the match criteria in class view. Follow these steps to define a class: To do...
  • Page 30: Defining A QoS Policy And Applying The QoS Policy To An Interface

    To do... Use the command... Remarks Optional To drop matching packets, select the deny Drop or send packets filter { deny | permit } keyword. To permit matching packets to pass through, select the permit keyword. Set the local precedence remark local-precedence Optional for packets...
  • Page 31 To do... Use the command... Remarks Display traffic behavior display traffic behavior Available in any view configuration information user-defined [ behavior-name ] Display the configuration of one or display qos policy user-defined all classes in one or all QoS [ policy-name [ classifier Available in any view policies and the associated tcl-name ] ]...
  • Page 32: Priority Mapping Configuration

    Priority Mapping Configuration This chapter includes these sections: Introduction to Packet Precedences Priority Mapping Overview Priority Mapping Configuration Task List Configuring Priority Mapping Displaying and Maintaining Priority Mapping Priority Mapping Configuration Example Introduction to Packet Precedences IP Precedence and DSCP Values Figure 7-1 ToS and DS fields As shown in Figure...
  • Page 33: 802.1P Priority

    Table 7-2 Description on DSCP values DSCP value (decimal) DSCP value (binary) Description 101110 001010 af11 001100 af12 001110 af13 010010 af21 010100 af22 010110 af23 011010 af31 011100 af32 011110 af33 100010 af41 100100 af42 100110 af43 001000 010000 011000 100000 101000...
  • Page 34: 802.11E Priority

    called the 802.1p priority, because its use is defined in IEEE 802.1p. Table 7-3 presents the values for 802.1p priority. Figure 7-3 802.1Q tag header (fields: TPID (Tag protocol identifier), TCI (Tag control information), Priority, VLAN ID...)
  • Page 35: Introduction To Priority Mapping Tables

    rules depending on AP status. This process is called priority mapping. The set of QoS priority parameters decides the scheduling priority and forwarding priority of the packet. Priority mapping is implemented with priority mapping tables and involves priorities such as 802.11e priority and 802.1p priority.
  • Page 36: Priority Mapping Configuration Task List

    Table 7-6 The default lp-dot1p and lp-dscp mappings Local precedence 802.1p priority DSCP Table 7-7 The default port priority-local precedence mapping Port priority Local precedence For the default dot11e-lp and lp-dot11e mappings, an input value yields a target value that is equal to Priority Mapping Configuration Task List You can configure priority mapping using two approaches: Configuring priority trust mode.
  • Page 37: Configuring Priority Mapping

    Task Remarks Configuring a Priority Mapping Table Optional Configuring a Port to Trust Packet Priority for Priority Mapping Optional Changing the Port Priority of an Interface Optional Configuring Priority Mapping Configuring a Priority Mapping Table Follow these steps to configure a priority mapping table: To do...
  • Page 38: Changing The Port Priority Of An Interface

    Changing the Port Priority of an Interface If an interface does not trust any packet priority, the AP uses its port priority to look for the set of priority parameters for the incoming packets. By changing port priority, you can prioritize traffic received on different interfaces.
  • Page 39 Figure 7-5 Network diagram for priority mapping configuration (diagram labels: Switch with Eth1/0/1, Eth1/0/2 and Eth1/0/3; Host A; Host B; Eth1/0/1; ESS 1 (WLAN-BSS 1); ESS 2 (WLAN-BSS 2)). Configuration procedure: Configure the switch # Create VLAN 2 and VLAN 3. <Switch>...
  • Page 40
    [AP-wlan-st-2]quit
    # Create interface WLAN-BSS2, and configure its port priority as 7.
    [AP] interface wlan-bss 2
    [AP-WLAN-BSS2] qos priority 7
    [AP-WLAN-BSS2] quit
    [AP] interface wlan-radio 1/0/2
    [AP-WLAN-Radio1/0/2] service-template 2 interface WLAN-BSS 2
    [AP-wlan-st-2] quit
    # Assign interfaces WLAN-BSS 1 and WLAN-BSS 2 to different VLANs, such as VLAN 2 and VLAN 3 respectively.
  • Page 41: Index

    Index ACL Configuration Examples 4-10 ACL Configuration Task List ACL Overview Configuring a QoS Policy Configuring an ACL Configuring Priority Mapping Displaying and Maintaining ACLs 4-10 Displaying and Maintaining Priority Mapping Displaying and Maintaining QoS Policies Introduction to Packet Precedences Introduction to QoS Service Models Introduction to QoS Priority Mapping Configuration Example...

This manual is also suitable for:

WA2600 series, WA series, WA2200 indoors series, WA2600 indoors series, WA2600 enhanced series, WA2210-AG ...