Cisco Aironet 350 Series Bridge Software Configuration Guide
Configuring Filters and Quality of Service

Table Of Contents

Configuring Filters and Quality of Service

Filter Setup

Protocol Filtering

Creating a Protocol Filter

Enabling a Protocol Filter

MAC Address Filtering

Creating a MAC Address Filter

QoS Configuration

Entering Information on the Quality of Service Setup Page

Settings on the Quality of Service Setup Page

Generate QBSS Element

Use Symbol Extensions

Send IGMP General Query

Traffic Category

Applying QoS

By Station

By VLAN

By Filter

By CoS Value

By DSCP Value


Configuring Filters and Quality of Service


This chapter provides information and configuration procedures for setting up filters. The chapter also provides information and procedures for setting up QoS using filters you create.

This chapter contains the following sections:

Filter Setup

QoS Configuration

Applying QoS

Filter Setup

This section describes how to set up filtering to control the flow of data through the bridge. You can filter data based on protocols and MAC addresses. Each type of filtering is explained in the following sections:

Protocol Filtering

MAC Address Filtering

Protocol Filtering

Protocol filters prevent or allow the use of specific protocols through the bridge. You can set up individual protocol filters and enable each filter for one or more VLANs. You can filter protocols for wireless client devices, users on the wired LAN, or both. For example, an SNMP filter on the bridge's radio port prevents wireless client devices from using SNMP with the bridge but does not block SNMP access from the wired LAN.

Use the Protocol Filters Setup page to create and enable protocol filters for the bridge's Ethernet port and for the bridge's radio port. The Protocol Filters Setup page is shown in Figure 5-1.

Figure 5-1 Protocol Filters Setup Page

Follow this link path to reach the Protocol Filters Setup page:

1. On the Summary Status page, click Setup.

2. On the Setup page, click Protocol Filters in the Protocol Filters row under Associations.

You can create protocol filters or view existing filters by clicking Filters in the Ethernet or Radio rows of the Network Ports section of the Setup page. The screens are identical except for the name. Figure 5-2 shows the Protocol Filters page.

Figure 5-2 Protocol Filters Page

Follow this link path to reach the Root Radio or Ethernet Protocol Filters page:

1. On the Summary Status page, click Setup.

2. On the Setup page, click Filters in the Root Radio or Ethernet row under Network Ports.

The left side of the Protocol Filters page contains links to the Ethertype Filters, the IP Protocol Filters, and the IP Port Filters pages.

Use the Protocol Filters pages to assign protocols to a filter set. Table A-1, Table A-2, and Table A-3 in Appendix B list the protocols available on each page.

Creating a Protocol Filter

Follow these steps to create a protocol filter:


Step 1 Follow the link path to the Protocol Filters Setup page.

Step 2 Click Ethertype, IP Protocol, or IP Port to display the Filters page that contains the protocols you want to filter. Figure 5-3 shows the IP Protocol Filters page.

Figure 5-3 IP Protocol Filters Page

Step 3 Enter a descriptive filter set name in the Set Name field.

Step 4 Enter an identification number in the Set ID entry field if you want to assign a specific SNMP identifier to the filter set. If you don't enter an ID, an SNMP identifier will be assigned to the set automatically, starting with 1 for the first filter set and incrementing by one for each additional set.

Step 5 Click Add New. The Filter Set page appears. Figure 5-4 shows the Filter Set page.

Figure 5-4 Filter Set Page

Step 6 Select forward or block from the Default Disposition drop-down menu. This setting is the default action for the protocols you include in the filter set. You can override this setting for specific protocols.

Step 7 In the Default Time to Live fields, enter the number of milliseconds unicast and multicast packets should stay in the bridge's buffer before they are discarded. These settings will be the default time-to-live values for the protocols you include in the filter set, but you can override the settings for specific protocols. If you leave these settings at 0, the time-to-live settings default to 3 seconds for multicast packets and 5 seconds for unicast packets.

Step 8 Type the name or the ISO numeric designator for the protocol you want to add in the Special Cases entry field and click Add New. For example, to add Telnet to an IP port filter set, type telnet or 23.

The Protocol Filter Set page appears. Figure 5-5 shows the Protocol Filter Set page.

Figure 5-5 Protocol Filter Set Page

Step 9 Select forward or block from the Disposition drop-down menu to forward or block the protocol traffic, or leave this setting at default to use the default disposition that you selected for the filter set in Step 6.

Step 10 Select a priority for the protocol from the Priority drop-down menu. The menu includes the following options:

background—Use this setting for bulk transfers and other activities that are allowed on the network but should not impact network use by other users and applications.

default—This setting is the same as best effort, which applies to normal LAN traffic.

excellentEffort—Use this setting for a network's most important users.

controlledLoad—Use this setting for important business applications that are subject to some form of admission control.

interactiveVideo—Use this setting for traffic with less than 100 ms delay.

interactiveVoice—Use this setting for traffic with less than 10 ms delay.

networkControl—Use this setting for traffic that must get through to maintain and support the network infrastructure.

Step 11 Enter milliseconds in the Time-to-Live entry fields. If you leave these settings at 0, the protocol adopts the default time-to-live values you entered in Step 7.


Note The time-to-live values you enter should be compatible with the priority you select for the protocol. For example, if you select interactiveVoice as the priority and enter high time-to-live values, voice packets will stay in the bridge buffer longer than necessary, causing delivery of stale, useless packets.


Step 12 Select Alert? yes to send an alert to the event log when a user transmits or receives the protocol through the bridge.

Step 13 Click OK. The Filter Set page appears with the protocol listed at the bottom of the page.

To edit the protocol entry, type the protocol name in the Special Cases entry field or click the select button beside the entry and click Edit. To delete the protocol, type the protocol name in the Special Cases entry field or click the select button beside the entry and click Remove.

Step 14 To add another protocol to the filter set, repeat Step 8 through Step 13. When you have included all the protocols you need in the filter set, click OK. The EtherType Filters, IP Protocol Filters, or IP Port Filters page appears, and the filter sets you defined appear in the filter set list at the bottom of the page.


Note After defining the protocol filter set, follow the steps in the Enabling a Protocol Filter section to activate the filter.
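The inheritance described in Steps 6 through 11 can be modeled offline to see what a filter set will actually do before you enable it. The following is an added example, not Cisco code or a bridge API: the class and function names, the sample filter set, and the use of the Priority menu's delay figures as a time-to-live ceiling are all assumptions of this example.

```python
from dataclasses import dataclass, field

# Built-in fallbacks the guide gives when the set's Default Time to Live is 0.
BUILTIN_TTL_MS = {"unicast": 5000, "multicast": 3000}
# Delay figures from the Priority menu text. Treating them as a ceiling for
# time-to-live is this example's assumption, not a rule the bridge enforces.
DELAY_TARGET_MS = {"interactiveVoice": 10, "interactiveVideo": 100}

@dataclass
class SpecialCase:                      # one protocol entry (Steps 8-12)
    disposition: str = "default"        # "forward", "block" or "default"
    priority: str = "default"
    ttl_ms: dict = field(default_factory=lambda: {"unicast": 0, "multicast": 0})
    alert: bool = False

@dataclass
class FilterSet:                        # Steps 3-7
    name: str
    default_disposition: str            # "forward" or "block"
    default_ttl_ms: dict = field(default_factory=lambda: {"unicast": 0, "multicast": 0})
    special_cases: dict = field(default_factory=dict)

def effective_ttl(fs, protocol, kind):
    """Protocol value, else the set default, else the built-in 5 s / 3 s."""
    case = fs.special_cases.get(protocol)
    own = case.ttl_ms[kind] if case else 0
    return own or fs.default_ttl_ms[kind] or BUILTIN_TTL_MS[kind]

def effective_disposition(fs, protocol):
    """A special case overrides the set's Default Disposition unless left at default."""
    case = fs.special_cases.get(protocol)
    if case and case.disposition != "default":
        return case.disposition
    return fs.default_disposition

def lint_ttl(fs):
    """Report forwarded special cases whose effective TTL exceeds the delay figure."""
    findings = []
    for protocol, case in fs.special_cases.items():
        target = DELAY_TARGET_MS.get(case.priority)
        if target is None or effective_disposition(fs, protocol) == "block":
            continue
        for kind in ("unicast", "multicast"):
            ttl = effective_ttl(fs, protocol, kind)
            if ttl > target:
                findings.append((protocol, kind, ttl, target))
    return findings

# Constructed sample: an IP port filter set for the radio port.
SAMPLE = FilterSet(
    name="radio-ip-ports",
    default_disposition="forward",
    special_cases={
        "telnet": SpecialCase(disposition="block", alert=True),
        # Hypothetical voice entry left at Time-to-Live 0 on every level.
        "voice-example": SpecialCase(priority="interactiveVoice"),
    },
)

if __name__ == "__main__":
    for name in ("telnet", "http", "voice-example"):
        print(name, effective_disposition(SAMPLE, name))
    for finding in lint_ttl(SAMPLE):
        print("TTL exceeds delay figure:", finding)
```

In the sample, the voice entry inherits the 5-second and 3-second fallbacks because every time-to-live field was left at 0, which is the stale-packet condition the note after Step 11 describes.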



Enabling a Protocol Filter

Follow these steps to enable a protocol filter:


Step 1 Complete the steps listed in the "Creating a Protocol Filter" section to define a protocol filter.

Step 2 Follow the link path to the Ethernet Protocol Filters page or the Root Radio Protocol Filters page.

Step 3 Select the protocol filter set that you want to enable from the Ethertype, IP Protocol, or IP Port drop-down menu.

Step 4 Click OK. The filter set is enabled.


MAC Address Filtering

MAC address filters allow or disallow the forwarding of unicast and multicast packets either sent from or addressed to specific MAC addresses. You can create a filter that passes traffic to all MAC addresses except those you specify, or you can create a filter that blocks traffic to all MAC addresses except those you specify.


Note MAC address filters are powerful, and you can lock yourself out of the bridge if you make a mistake setting up the filters. If you accidentally lock yourself out of your bridge, follow the instructions in the "Using the Command-Line Interface" section to use the CLI to disable the filters.


Use the Address Filters page to create MAC address filters for the bridge. Figure 5-6 shows the Address Filters page.

Figure 5-6 Address Filters Page

Follow this link path to reach the Address Filters page:

1. On the Summary Status page, click Setup.

2. On the Setup page, click Address Filters under Associations.

Creating a MAC Address Filter

Follow these steps to create a MAC address filter:


Step 1 Follow the link path to the Address Filters page.

Step 2 Type a destination MAC address in the New MAC Address Filter: Dest MAC Address field. You can type the address with colons separating the character pairs (00:40:96:12:34:56, for example) or without any intervening characters (004096123456, for example).


Note If you plan to disallow traffic to all MAC addresses except those you specify as allowed, put your own MAC address in the list of allowed MAC addresses. If you plan to disallow multicast traffic, add the broadcast MAC address (ffffffffffff) to the list of allowed addresses.


Step 3 Click Allowed to pass traffic to the MAC address or click Disallowed to discard traffic to the MAC address.

Step 4 Click Add. The MAC address appears in the Existing MAC Address Filters list. To remove the MAC address from the list, select it and click Remove.


Tip You can create a list of allowed MAC addresses on an authentication server on your network. Consult the "Setting Up MAC-Based Authentication" section for instructions on using MAC-based authentication.


Step 5 Click OK. You return automatically to the Setup page.

Step 6 Click Advanced in the Root Radio row of the Network Ports section at the bottom of the Setup page. The Root Radio Advanced page appears. Figure 5-7 shows the Root Radio Advanced page.

Figure 5-7 Root Radio Advanced Page

Step 7 Click Advanced Primary SSID Setup. The Root Radio Primary SSID page appears. Figure 5-8 shows the Root Radio Primary SSID page.

Figure 5-8 Root Radio Primary SSID Page

Select Open, Shared Key, or Network-EAP to set the authentications the bridge recognizes. See the "Security Overview" section for a description of authentication types.

If you use open or shared authentication as well as EAP authentication, select Require EAP under Open or Shared to block client devices that are not using EAP from authenticating through the bridge.

Unicast MAC address filters allow or disallow the forwarding of unicast packets sent to specific MAC addresses. You can create a filter that passes traffic to all MAC addresses except those you specify, or you can create a filter that blocks traffic to all MAC addresses except those you specify.

Read the "Setting Up MAC-Based Authentication" section for complete instructions on using MAC-based authentication on an authentication server. Read the "Creating a MAC Address Filter" section for complete instructions on setting up MAC address filters.

The drop-down menus for unicast address filters contain two options:

Allowed—The bridge forwards all traffic except packets sent to the MAC addresses listed as disallowed on the Address Filters page.

Disallowed—The bridge discards all traffic except packets sent to the MAC addresses listed as allowed on the Address Filters page or on your authentication server.

Select Disallowed for each authentication type that also uses MAC-based authentication.


Note If you plan to discard traffic to all MAC addresses except those you specify (the Disallowed setting), be sure to enter your own MAC address as allowed on the Address Filters page or on your authentication server.


Step 8 Click OK. Your settings are saved and you return to the Root Radio Advanced Setup page.

If clients are not filtered immediately, click WARM RESTART SYSTEM NOW on the Manage System Configuration page to restart the bridge. To reach the Manage System Configuration page, click Cisco Services on the main Setup page and click Manage System Configuration on the Cisco Services Setup page.


Note The Ethernet Advanced page contains the Default Unicast and Multicast Address Filter settings for the Ethernet port. These settings work as described above, but you should use extra caution changing the settings on the Ethernet Advanced page because they can lock you out of your bridge. To reach the Ethernet Advanced page, click Advanced in the Ethernet row of the Network Ports section at the bottom of the Setup page.



Note Client devices with blocked MAC addresses cannot send or receive data through the bridge, but they might remain in the Association Table as unauthenticated client devices. Client devices with blocked MAC addresses disappear from the Association Table when the bridge stops monitoring them or they associate with another bridge. See the "Settings on the Association Table Advanced Page" section for information on setting a monitoring timeout for each device class.
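Because a wrong MAC filter can lock you out of the bridge, it is worth checking a planned filter list offline before you click OK. The following is an added example, not Cisco code: the function names and the sample entries are constructed for illustration, and it evaluates only the local Address Filters list, not addresses held on an authentication server.

```python
import re

BROADCAST = "ffffffffffff"

def normalize_mac(text):
    """Accept 00:40:96:12:34:56 or 004096123456; return 12 lowercase hex digits."""
    s = text.strip().lower()
    if re.fullmatch(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}", s):
        s = s.replace(":", "")
    if not re.fullmatch(r"[0-9a-f]{12}", s):
        raise ValueError(f"not a MAC address: {text!r}")
    return s

def build_table(entries):
    """entries: (mac, 'allowed'|'disallowed') pairs as typed on the Address Filters page."""
    table, conflicts = {}, []
    for mac, disposition in entries:
        key = normalize_mac(mac)
        if table.get(key, disposition) != disposition:
            conflicts.append(key)       # same address entered with opposite settings
        table[key] = disposition
    return table, conflicts

def is_forwarded(dest, table, default):
    """default is the port's drop-down setting: 'allowed' or 'disallowed'."""
    entry = table.get(normalize_mac(dest))
    if default == "allowed":            # forward everything except listed-disallowed
        return entry != "disallowed"
    return entry == "allowed"           # discard everything except listed-allowed

def lockout_findings(entries, unicast_default, multicast_default, admin_mac):
    """Return human-readable problems that would cut off the administrator."""
    table, conflicts = build_table(entries)
    findings = [f"conflicting entries for {m}" for m in conflicts]
    if not is_forwarded(admin_mac, table, unicast_default):
        findings.append(f"management station {normalize_mac(admin_mac)} would be filtered")
    if multicast_default == "disallowed" and table.get(BROADCAST) != "allowed":
        findings.append("broadcast address ffffffffffff is not in the allowed list")
    return findings

# Constructed sample list; the first address is the guide's own format example.
SAMPLE_ENTRIES = [
    ("00:40:96:12:34:56", "allowed"),
    ("0040961234AB", "disallowed"),
]

if __name__ == "__main__":
    for problem in lockout_findings(SAMPLE_ENTRIES, "disallowed", "disallowed",
                                    "004096123456"):
        print("WARNING:", problem)
```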



QoS Configuration

You can assign QoS attributes to enable various devices on the network to communicate more effectively. The bridge supports QoS for voice over IP (VoIP) telephones and downlink prioritized channel access for streaming audio and video traffic. This section describes how to configure the bridge's QoS feature.

Entering Information on the Quality of Service Setup Page

Access the Quality of Service Setup page (see Figure 5-9) from the Summary Status page by clicking the Setup tab. From the Associations section of the Setup page, click Protocol Filters. This page is also accessed through the Root Radio Advanced page in the Network Ports section of the Setup page.

Figure 5-9 Quality of Service Setup Page

Follow this link path to reach the Quality of Service setup page:

1. On the Summary Status page, click Setup. The Setup page appears.

2. In the Associations section, click Protocol Filters. The Protocol Filters Setup page appears.

3. Click Quality of Service. The Root Radio Quality of Service page appears.

Settings on the Quality of Service Setup Page

The Quality of Service setup page contains the following settings:

Generate QBSS Element

Use Symbol Extensions

Send IGMP General Query

Traffic Category

Generate QBSS Element

Determines whether a QoS basic service set (QBSS) element is generated. The QBSS element determines the best bridge with which to associate.

Use Symbol Extensions

Configures the bridge to use Symbol Voice over IP (VoIP) phones. When this setting is enabled, the bridge uses the Symbol Phone Support protocol. This protocol identifies Symbol handsets and classifies traffic for them as interactive voice.

Send IGMP General Query

Configures the bridge to perform IP multicast filtering. Automatic IP multicast filtering is not directly supported on the bridge. This setting is the mechanism that injects IP multicast filtering onto Ethernet switches.

Traffic Category

A traffic category identifies the type of traffic into which data processed by the bridge is categorized. There are seven categories:

Background

Spare

Best effort

Excellent effort

Controlled load

Interactive video

Interactive voice

Network control

Each category is assigned a minimum contention window (CWmin) value and a maximum contention window (CWmax) value. Allowed values for CWmin and CWmax are 1, 3, 7, 15, 31, 63, 127, 255, 511, and 1023.


Note Cisco recommends that you do not alter these settings without significant testing. If you do alter the values, CWmin must be less than or equal to CWmax.


Applying QoS

You can apply QoS to specific traffic handled by the bridge in a number of ways:

By station

By VLAN

By filter

By Class of Service (CoS) value

By differentiated services code point (DSCP) value

By Station

The bridge can prioritize traffic based upon a WLAN client identifying itself as a particular client type that requires a particular traffic classification.

The best example of this is the negotiation between the bridge and a Symbol VoIP WLAN handset. Symbol has defined a protocol that allows the bridge to identify the handset and give it the interactive voice classification. Follow these steps to enable this feature:


Step 1 Browse to the Setup screen on the bridge.

Step 2 Click Protocol Filters in the Associations section. The Protocol Filters Setup page appears (Figure 5-10).

Figure 5-10 Protocol Filters Setup Page

Step 3 Click Quality of Service. The Root Radio Quality of Service page appears (Figure 5-11).

Figure 5-11 Root Radio Quality of Service Page

Step 4 Click the yes radio button in the Use Symbol Extensions setting.


By VLAN

The default priority of a VLAN can be set, and the bridge uses this setting for all traffic on that VLAN except when overridden by a filter setting. This filter setting is applied through the policy group on the VLAN.

Follow these steps to set up a VLAN's QoS default priority:


Step 1 From the Setup page, click VLAN in the Associations section. The VLAN Setup page appears.

Step 2 Choose the VLAN to which you want to apply the priorities by highlighting it in the Existing VLANs field, and click Edit. The VLAN ID page for that VLAN appears (Figure 5-12).

Figure 5-12 VLAN ID page

Step 3 To view the selections in the Default Priority field, click the drop-down menu.

Step 4 Select the default priority you wish the VLAN to use.

Step 5 Click OK to save your settings and return to the VLAN Setup page.


By Filter

Bridge filters already allow the classification of traffic based upon Ethertype, Internet Protocol, or IP Port. An example of a filter classifying traffic is shown in Figure 5-13.

Figure 5-13 Filters Priority Setting

The filters can be applied on interfaces or as a part of a VLAN policy group.

The bridge has a default filter to classify all Spectralink voice traffic with voice priority. You do not have to enable this filter, but you can modify the filter and apply it to a specific VLAN or interface.


Note To set up a filter, see the "Filter Setup" section.


A typical Spectralink filter configuration is shown in Figure 5-14.

Figure 5-14 Spectralink Filter Configuration

Figure 5-15 shows how the Spectralink filter is applied.

Figure 5-15 Applying the Spectralink Filter

By CoS Value

Traffic that comes to the bridge over an Ethernet trunk is already classified by its Class of Service (CoS) settings. The classification is applied unless changed by one of the methods described above.

By DSCP Value

The differentiated services code point (DSCP) values in the IP packets can be used to classify the traffic based on the DSCP-to-CoS mappings shown in Figure 5-16.

Figure 5-16 DSCP-to-CoS Conversion

Follow these steps to access the DSCP-to-CoS Conversion page:


Step 1 From the Summary Status page, click Setup. The Setup page appears.

Step 2 In the Associations section, click Protocol Filters. The Protocol Filters Setup page appears.

Step 3 Click DSCP-to-CoS Conversion.