H3C WA2210-AG, WA2220-AG, WA2220X-AG, WA2210X-G, WA2612-AGN Configuration Manual

H3C WA Series WLAN Access Points
ACL and QoS Configuration Guide
Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com
Document Version: 6W100-20100910
Copyright © 2010, Hangzhou H3C Technologies Co., Ltd. and its licensors
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, Aolynk, H3Care, TOP G, IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Preface

The H3C WA documentation set includes 10 configuration guides, which describe the software features for the H3C WA series WLAN access points and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply the software features to different network scenarios.
The ACL and QoS Configuration Guide describes ACL and QoS configurations. This preface includes:
• Audience
• Conventions
• About the H3C WA Documentation Set
• Obtaining Documentation
• Documentation Feedback

Audience

This documentation is intended for:
• Network planners
• Field technical support and servicing engineers
• Network administrators working with the WA series

Conventions

This section describes the conventions used in this documentation set.

Command conventions

Convention           Description
Boldface             Bold text represents commands and keywords that you enter literally as shown.
italic               Italic text represents arguments that you replace with actual values.
[ ]                  Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }      Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
[ x | y | ... ]      Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
{ x | y | ... } *    Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
[ x | y | ... ] *    Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you may select multiple choices or none.
&<1-n>               The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
#                    A line that starts with a pound (#) sign is comments.

GUI conventions

Convention           Description
Boldface             Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.
>                    Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

Symbols

Convention Description
Means reader be extremely careful. Improper operation may cause bodily injury.
Means reader be careful. Improper operation may cause data loss or damage to equipment.
Means an action or information that needs special attention to ensure successful configuration or good performance.
Means a complementary description.
Means techniques helpful for you to make configuration with ease.

About the H3C WA Documentation Set

The H3C WA documentation set includes:
Category | Documents | Purposes
Product description and specifications | Marketing brochures | Describe product specifications and benefits.
Product description and specifications | Technology white papers | Provide an in-depth description of software features and technologies.
Hardware specifications and installation | Compliance and safety manual | Provides regulatory information and the safety instructions that must be followed during installation.
Hardware specifications and installation | Quick start | Guides you through initial installation and setup procedures to help you quickly set up and use your AP with the minimum configuration.
Hardware specifications and installation | Installation guide | Guides you through hardware specifications and installation methods to help you install your AP.
Software configuration | Getting started guide | Guides you through the main functions of your AP, and describes how to install and log in to your AP, perform basic configurations, maintain software, and troubleshoot your AP.
Software configuration | Configuration guides | Describe software features and configuration procedures.
Software configuration | Command references | Provide a quick reference to all available commands.
Operations and maintenance | User FAQ | Provides answers to some of the most frequently asked questions on how to troubleshoot your AP.
Operations and maintenance | Release notes | Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading.

Obtaining Documentation

You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
• [Technical Support & Documents > Technical Documents] – Provides hardware installation, software upgrading, getting started, and software feature configuration and maintenance documentation.
• [Products & Solutions] – Provides information about products and technologies, as well as solutions.
• [Technical Support & Documents > Software Download] – Provides the documentation released with the software version.

Documentation Feedback

You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

Table of Contents

1 Applicable Models and Software Versions
2 Feature Matrix
3 Command/Parameter Matrix
4 ACL Configuration
    ACL Overview
        ACL Categories
        ACL Numbering and Naming
        Match Order
        ACL Rule Numbering
        Implementing Time-Based ACL Rules
        IPv4 Fragments Filtering with ACLs
    ACL Configuration Task List
    Configuring an ACL
        Creating a Time Range
        Configuring a WLAN ACL
        Configuring a Basic ACL
        Configuring an Advanced ACL
        Configuring an Ethernet Frame Header ACL
        Copying an ACL
    Displaying and Maintaining ACLs
    ACL Configuration Examples
        IPv4 ACL Configuration Example
        IPv6 ACL Configuration Example
5 QoS Overview
    Introduction to QoS
    Introduction to QoS Service Models
        Best-Effort Service Model
        IntServ Service Model
        DiffServ Service Model
    QoS Techniques Overview
        Applying QoS Techniques in a Network
        QoS Processing Flow in an AP
6 QoS Policy Configuration
    QoS Configuration Approach Overview
        Non-Policy Approach
        Policy Approach
    Configuring a QoS Policy
        Defining a Class
        Defining a Traffic Behavior
        Defining a QoS Policy and Applying the QoS Policy to an Interface
    Displaying and Maintaining QoS Policies
7 Priority Mapping Configuration
    Introduction to Packet Precedences
        IP Precedence and DSCP Values
        802.1p Priority
        802.11e Priority
    Priority Mapping Overview
        Introduction to Priority Mapping
        Introduction to Priority Mapping Tables
    Priority Mapping Configuration Task List
    Configuring Priority Mapping
        Configuring a Priority Mapping Table
        Configuring a Port to Trust Packet Priority for Priority Mapping
        Changing the Port Priority of an Interface
    Displaying and Maintaining Priority Mapping
    Priority Mapping Configuration Example
8 Index
• The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
• Read this chapter before using an H3C WA series WLAN access point.

1 Applicable Models and Software Versions

H3C WA series WLAN access points include the WA2200 series and WA2600 series. Table 1-1 shows the applicable models and software versions.
Table 1-1 Applicable models and software versions
Series Model Software version
WA2200 series
WA2600 series
WA2200 series access points (indoors)
WA2200 series access points (outdoors)
WA2600 series access points (indoors)
WA2600 series access points (enhanced)
WA2210-AG WA2220-AG WA2210X-G WA2220X-AG WA2610-AGN WA2612-AGN WA2620-AGN WA2610E-AGN WA2620E-AGN
R 1115
R 1106
R 1109

2 Feature Matrix

• Support of the H3C WA series WLAN access points for features, commands and parameters may vary by device model. See this document for more information.
• For information about feature support, see Table 2-1. For information about command and parameter support, see Table 3-1.
• The term AP in this document refers to common APs, wireless bridges, or mesh APs.
Table 2-1 Feature matrix
Document | Feature | WA2200 series | WA2600 series
Fundamentals Configuration Guide | HTTPS | Not supported | Supported
WLAN Configuration Guide | 802.11n radio mode | Not supported | Supported
WLAN Configuration Guide | 802.11n bandwidth mode | Not supported | Supported
WLAN Configuration Guide | 802.11n rate configuration | Not supported | Supported
Layer 2 – LAN Switching Configuration Guide | Optical Ethernet interface | Supported on WA2210X-G/WA2220X-AG only | Not supported
Layer 2 – LAN Switching Configuration Guide | GE interface | Not supported | Supported
Layer 3 – IP Services Configuration Guide | DHCP server configuration | Not supported | Supported
Layer 3 – IP Services Configuration Guide | DHCPv6 configuration | Not supported | Supported
IP Multicast Configuration Guide | IGMP snooping configuration | Not supported | Supported
IP Multicast Configuration Guide | MLD snooping configuration | Not supported | Supported
Security Configuration Guide | SSH2.0 | Not supported | Supported

3 Command/Parameter Matrix

Table 3-1 Command/Parameter matrix
Document Module Command/Parameter WA2200 series WA2600 series
Fundamentals Command Reference
    HTTP commands
        display ip https
            WA2200 series: Not supported
            WA2600 series: Supported
        ip https acl
            WA2200 series: Not supported
            WA2600 series: Supported
        ip https certificate access-control-policy
            WA2200 series: Not supported
            WA2600 series: Supported
        ip https enable
            WA2200 series: Not supported
            WA2600 series: Supported
WLAN Command Reference
    WLAN service commands
        a-mpdu enable
            WA2200 series: Not supported
            WA2600 series: Supported
        a-msdu enable
            WA2200 series: Not supported
            WA2600 series: Supported
        channel band-width
            WA2200 series: Not supported
            WA2600 series: Supported
        client dot11n-only
            WA2200 series: Not supported
            WA2600 series: Supported
        preamble { long | short }
            WA2200 series: Only APs that support the 802.11b/g radio mode support this command.
            WA2600 series: Only APs that support the 802.11b/g radio mode support this command.
        radio-type
            WA2200 series: Keywords dot11an and dot11gn not supported
            WA2600 series: Supported
        short-gi enable
            WA2200 series: Not supported
            WA2600 series: Supported
    WLAN RRM commands
        dot11a { disabled-rate | mandatory-rate | supported-rate } rate-value
            WA2200 series: Only APs that support 802.11a radio mode support this command.
            WA2600 series: Only APs that support 802.11a radio mode support this command.
        dot11n mandatory maximum-mcs
            WA2200 series: Not supported
            WA2600 series: Supported
        dot11n support maximum-mcs
            WA2200 series: Not supported
            WA2600 series: Supported
        power-constraint power-constraint
            WA2200 series: Only APs that support the 802.11a radio mode support this command.
            WA2600 series: Only APs that support the 802.11a radio mode support this command.
Layer 2 – LAN Switching Command Reference
    The maximum number of broadcast packets that can be forwarded on an Ethernet interface per second
        broadcast-suppression { ratio | pps max-pps }
            WA2200 series: pps max-pps ranges from 1 to 148810.
            WA2600 series: pps max-pps ranges from 1 to 1488100.
    The maximum number of multicast packets allowed on an Ethernet interface per second
        multicast-suppression { ratio | pps max-pps }
            WA2200 series: pps max-pps ranges from 1 to 148810.
            WA2600 series: pps max-pps ranges from 1 to 1488100.
    The maximum number of unknown unicast packets allowed on an Ethernet interface per second
        unicast-suppression { ratio | pps max-pps }
            WA2200 series: pps max-pps ranges from 1 to 148810.
            WA2600 series: pps max-pps ranges from 1 to 1488100.
Layer 3 - IP Services Command Reference
    DHCP commands
        DHCP server configuration commands
            WA2200 series: Not supported
            WA2600 series: Supported
    DHCPv6 commands
        display ipv6 dhcp client [ interface interface-type interface-number ]
            WA2200 series: Not supported
            WA2600 series: Supported
        display ipv6 dhcp client statistics [ interface interface-type interface-number ]
            WA2200 series: Not supported
            WA2600 series: Supported
        display ipv6 dhcp duid
            WA2200 series: Not supported
            WA2600 series: Supported
        reset ipv6 dhcp client statistics [ interface interface-type interface-number ]
            WA2200 series: Not supported
            WA2600 series: Supported
• The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
• Support of the H3C WA series WLAN access points (APs) for features may vary by AP model. For more information, see Feature Matrix.
• The interface types and the number of interfaces vary by AP model.
• The term AP in this document refers to common APs, wireless bridges, and mesh APs.

4 ACL Configuration

This chapter includes these sections:
• ACL Overview
• ACL Configuration Task List
• Configuring an ACL
• Creating a Time Range
• Configuring a WLAN ACL
• Configuring a Basic ACL
• Configuring an Advanced ACL
• Configuring an Ethernet Frame Header ACL
• Copying an ACL
• Displaying and Maintaining ACLs
• ACL Configuration Examples
Unless otherwise stated, ACLs refer to both IPv4 and IPv6 ACLs throughout this document.

ACL Overview

An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port number.
ACLs are essentially used for packet filtering. A packet filter drops packets that match a deny rule and permits packets that match a permit rule. ACLs are also widely used by many modules, for example, QoS and IP routing, for traffic identification.
This section covers these topics:
• ACL Categories
• ACL Numbering and Naming
• Match Order
• ACL Rule Numbering
• Implementing Time-Based ACL Rules
• IPv4 Fragments Filtering with ACLs

ACL Categories

ACLs fall into four categories, as shown in Table 4-1.
Table 4-1 ACL categories
Category | ACL number | IP version | Match criteria
WLAN ACLs | 100 to 199 | IPv4 | Wireless client SSID
Basic ACLs | 2000 to 2999 | IPv4 | Source IPv4 address
Basic ACLs | 2000 to 2999 | IPv6 | Source IPv6 address
Advanced ACLs | 3000 to 3999 | IPv4 | Source/destination IPv4 address, protocols over IPv4, and other Layer 3 and Layer 4 header fields
Advanced ACLs | 3000 to 3999 | IPv6 | Source/destination IPv6 address, protocols over IPv6, and other Layer 3 and Layer 4 header fields
Ethernet frame header ACLs | 4000 to 4999 | IPv4 | Layer 2 header fields, such as source and destination MAC addresses, 802.1p priority, and link layer protocol type

ACL Numbering and Naming

Each ACL category has a unique range of ACL numbers. When creating an ACL, you must assign it a number for identification, and you can also assign the ACL a name for ease of identification. After creating an ACL with a name, you can neither rename it nor delete its name.
You cannot assign a name for a WLAN ACL.
For a WLAN or Ethernet frame header ACL, the ACL number and name must be globally unique. For an IPv4 basic or advanced ACL, the ACL number and name must be unique among all IPv4 ACLs, and for an IPv6 basic or advanced ACL, among all IPv6 ACLs. You can assign an IPv4 ACL the same number and name as an IPv6 ACL.

Match Order

The rules in an ACL are sorted in a certain order. When a packet matches a rule, the device stops the match process and performs the action defined in the rule. If an ACL contains overlapping or conflicting rules, the matching result and action to take depend on the rule order.
Two ACL match orders are available:
• config – Sorts ACL rules in ascending order of rule ID. A rule with a lower ID is matched before a rule with a higher ID. If you use this approach, check rule content and order carefully.
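The config match order described above, as an added example that is not part of the H3C manual: a small Python model of first-match evaluation over a basic ACL (source IPv4 address only), plus a check for rules that an earlier, broader rule makes unreachable. The rule sets, addresses, CIDR notation and function names are constructed for illustration and are not device syntax.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                    # "permit" or "deny"
    source: ipaddress.IPv4Network  # basic ACL criterion: source IPv4 address


def config_order(rules):
    """config match order: ascending rule ID, lowest ID is tried first."""
    return sorted(rules, key=lambda r: r.rule_id)


def evaluate(rules, src):
    """Return (rule_id, action) of the first matching rule, or None if no rule matches."""
    addr = ipaddress.ip_address(src)
    for rule in config_order(rules):
        if addr in rule.source:
            return rule.rule_id, rule.action  # matching stops at the first hit
    return None


def shadowed(rules):
    """List (rule_id, covering_rule_id) for rules an earlier rule fully covers."""
    ordered = config_order(rules)
    hits = []
    for i, rule in enumerate(ordered):
        for earlier in ordered[:i]:
            if rule.source.subnet_of(earlier.source):
                hits.append((rule.rule_id, earlier.rule_id))
                break
    return hits


def net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed sample rule sets: same two rules, rule IDs swapped.
ACL_A = [Rule(5, "deny", net("10.1.0.0/16")), Rule(0, "permit", net("10.1.1.0/24"))]
ACL_B = [Rule(0, "deny", net("10.1.0.0/16")), Rule(5, "permit", net("10.1.1.0/24"))]

if __name__ == "__main__":
    for name, acl in (("ACL_A", ACL_A), ("ACL_B", ACL_B)):
        for src in ("10.1.1.7", "10.1.2.7", "192.0.2.1"):
            print(name, src, evaluate(acl, src))
        print(name, "unreachable rules:", shadowed(acl))
```

In ACL_B the permit for 10.1.1.0/24 never takes effect because the broader deny has the lower rule ID, which is the kind of overlap the config order requires you to check for.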