Configuring and Managing Security ACLs 375

Filtering Based on DSCP Values

To filter based on a Differentiated Services Code Point (DSCP) value, specify the combination of precedence and ToS values that is equivalent to the DSCP value. For example, to filter based on DSCP value 46, configure an ACL that filters based on precedence 5 and ToS 12. (To display a table of the precedence and ToS combinations for each DSCP value, use the show security acl dscp command.)

The following commands remap IP packets from IP address 10.10.50.2 that have DSCP value 46 (equivalent to precedence value 5 and ToS value 12), to have CoS value 7 when they are forwarded to any 10.10.90.x address on Distributed AP 4:

23x0# set security acl ip acl2 permit cos 7 ip 10.10.50.2 0.0.0.0 10.10.90.0 0.0.0.255 precedence 5 tos 12

success: change accepted.

23x0# set security acl ip acl2 permit cos 7 ip 10.10.50.2 0.0.0.0 10.10.90.0 0.0.0.255 precedence 5 tos 13

success: change accepted.

23x0# set security acl ip acl2 permit 0.0.0.0 255.255.255.255

success: change accepted.

23x0# commit security acl acl2

success: change accepted.

23x0# set security acl map acl2 dap 4 out

success: change accepted.

The ACL contains two ACEs. The first ACE matches on precedence 5 and ToS 12. The second ACE matches on precedence 5 and ToS 13. The IP precedence and ToS fields use 7 bits, while the DSCP field uses only 6 bits. Following the DSCP field is a 2-bit ECN field that can be set by other devices based on network congestion. The second ACE is required to ensure that the ACL matches regardless of the value of the seventh bit.
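The following Python sketch is an added example, not part of the Nortel guide. It derives the two precedence/ToS pairs for a DSCP value and shows which ECN settings a single ACE would miss. It assumes the RFC 791/1349 header layout (3-bit precedence, 4-bit ToS, one unused low bit) and that an ACE matches the 4-bit ToS value exactly; the function names are illustrative.

```python
# Added example. Assumed layout of the 8-bit IP header byte (RFC 791/1349):
#   bits 7-5 precedence | bits 4-1 ToS | bit 0 unused
# DiffServ view of the same byte: bits 7-2 DSCP | bits 1-0 ECN

def dscp_to_ace_pairs(dscp):
    """Return the (precedence, tos) pairs needed to match one DSCP value."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field (0-63)")
    precedence = dscp >> 3              # top 3 bits of the DSCP
    tos_base = (dscp & 0b111) << 1      # low 3 DSCP bits fill ToS bits 3..1
    # ToS bit 0 is the high ECN bit, so both of its values need an ACE.
    return [(precedence, tos_base), (precedence, tos_base | 1)]

def ace_matches(precedence, tos, header_byte):
    """True if an ACE with this precedence and ToS matches the header byte
    (assumes the ToS value is compared exactly)."""
    return (header_byte >> 5) == precedence and ((header_byte >> 1) & 0xF) == tos

def coverage(dscp, pairs):
    """Map each ECN value (0-3) to whether any ACE in pairs matches it."""
    result = {}
    for ecn in range(4):
        header_byte = (dscp << 2) | ecn  # DSCP in the high 6 bits, ECN below
        result[ecn] = any(ace_matches(p, t, header_byte) for p, t in pairs)
    return result

if __name__ == "__main__":
    pairs = dscp_to_ace_pairs(46)
    for p, t in pairs:
        print(f"precedence {p} tos {t}")
    print("first ACE only:", coverage(46, pairs[:1]))
    print("both ACEs:     ", coverage(46, pairs))
```

With only the first ACE, packets whose high ECN bit has been set by a congested device fall through to the final permit rule and are not remapped to CoS 7.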

Table 23 lists the CoS values to use when reassigning traffic to a different priority. The CoS determines the AP forwarding queue to use for the traffic when sending it to a wireless client.

Table 25: Class-of-Service (CoS) Packet Handling

WMM Priority Desired    CLI CoS Value to Enter
--------------------    ----------------------
Background              1 or 2
Best effort             0 or 3
Video                   4 or 5
Voice                   6 or 7

Nortel WLAN Security Switch 2300 Series Configuration Guide
