1. From the Organizer panel, select a WLC.
2. Under System, select ACLs.
3. Under Create, click Create ACL.
4. Enter a unique name for the ACL.
In the ACL Name field, type the name for the ACL (1 to 32 alphanumeric characters, with no spaces or tabs). The name can include hyphens (-), underscores (_), or periods (.). ACL names are case-sensitive and must begin with a letter. Do not include any of the following terms in the name: all, default-action, map, help, editbuffer.
Adding a MAC Based Rule
To add a MAC based rule, follow these steps:
5. Click Add MAC Based Rule. The MAC Based Rules list is populated with default values.
6. To change the Source MAC from the default value of Any, click the arrow to display Source MAC Details. From the Source MAC Name list, select from Any or Other. If you select Other, enter the MAC address in the Source MAC Address field. Click OK.
7. Repeat Step 6 for the Destination MAC field.
8. To change the Ethertype, click the arrow to display Ethertype Details. From the Ethertype name list, you can select from Any, ARP, IPv4, IPv6, or Other. Click OK to close the window.
9. Select Permit or Deny from the Action list.
10. Adjust the CoS value if necessary.
11. If you have multiple rules configured, you can adjust the rule placement in the list by using the arrows at the end of each row to move the rule up or down in the list.
12. To delete a rule, select it from the list and click Delete.
Adding an IP Based Rule
To add an IP based rule, follow these steps:
Informational Note:
Any ACL that refers to a DAP can be configured on the seed only as it references domain configuration. ACLs with mappings to ports, vports, and VLANs can be defined at member WLCs as well. If an ACL with the same name is defined in both the domain configuration and on a member WLC local configuration, the ACL from the WLC configuration is applied.
Creating an Access Control List (ACL). Copyright © 2011, Juniper Networks, Inc.
13. Click Add IP Based Rule.
After adding an ACE to the table, each subsequent ACE appears above the implicit deny-all ACE at the bottom of the list, but beneath all of the other configured ACEs. An MX uses ACEs in the order in which they appear in the list, beginning at the top. Because the action of the first ACE that matches a packet is used, the order in which ACEs are listed is important.
14. The list is automatically populated with default values.
15. To add a Source IP or Destination IP, select the field and enter the IP addresses with subnet masks.
16. To change the Protocol, click the arrow to display Protocol Details information. From the Protocol Name list, select from any, tcp, udp, icmp, svp, or other. If you select other, adjust the Protocol Number accordingly.
17. To specify the TCP or UDP source port, click the down arrow in the Source Port column.
18. Select the comparison operator from the Operator pull-down list:
Less Than
Greater Than
Equal
Not Equal
Range
None (no comparison is required)
Informational Note:
Each ACL has a rule at the end that denies all source and destination IP addresses. This rule provides security by ensuring that the only traffic permitted by an ACL is the traffic you want to permit. This rule is automatically added to the end of each ACL and cannot be edited or removed.

IP Protocol Number   Protocol
1                    Internet Control Message Protocol (ICMP)
2                    Internet Group Management Protocol (IGMP)
6                    Transmission Control Protocol (TCP)
9                    Any private interior gateway (used by Cisco Internet Gateway Protocol)
17                   User Datagram Protocol (UDP)
41                   IPv6
46                   Reservation Protocol (RSVP)
47                   Generic Routing Encapsulation (GRE)
50                   Encapsulation Security Payload for IPSec (IPSec-ESP)
51                   Authentication Header for IPSec (IPSec-AH)
55                   IP Mobility (Mobile IP)
88                   Enhanced Interior Gateway Routing Protocol (EIGRP)
89                   Open Shortest Path First (OSPF) protocol
103                  Protocol Independent Multicast (PIM)
112                  Virtual Router Redundancy Protocol (VRRP)
115                  Layer 2 Tunneling Protocol (L2TP)

19. Select the well-known port name from the Port Name list. If the name is not in the list, select Other and type or select a port number in the Port Number field.
20. If you selected Range as the comparison operator, type or select the ending port number of the range in the Range End field. The number must be higher than the port number in the Port Number field.
21. Specify the TCP or UDP destination port. The options are the same as those for the source port.
22. To match based on DSCP value or IP TOS and IP precedence values:
a. Click the down arrow in the DSCP column.
b. Select Type Of Service or Diff-Serv Code Point.
23. If you selected Type Of Service, select the IP precedence value from the Precedence list:
Any (-1): All packets are subject to the ACL regardless of whether precedence is set.
Routine (0): Packets with routine precedence are filtered.
Priority (1): Packets with priority precedence are filtered.
Immediate (2): Packets with immediate precedence are filtered.
Flash (3): Packets with flash precedence are filtered.
Flash Override (4): Packets with flash override precedence are filtered.
CRITIC/ECP (5): Packets with critical precedence are filtered.
Internetwork Control (6): Packets with internetwork control precedence are filtered.
Network Control (7): Packets with network control precedence are filtered.
24. Select the ToS value in the TOS field:
-1 (any): All packets are subject to the ACE regardless of whether TOS is set.
0 (normal): Packets with normal TOS defined are filtered.
1 (minimum monetary cost): Packets with minimum monetary cost TOS defined are filtered.
2 (maximum reliability): Packets with maximum reliability TOS defined are filtered.
4 (maximum throughput): Packets with maximum throughput TOS defined are filtered.
8 (minimum delay): Packets with minimum delay TOS defined are filtered.
By default, the TOS value is -1 (any).
28. In addition to these specific values, you can specify a number from 1 to 15 that is the sum of TOS option values. For example, to select minimum delay and maximum throughput as the TOS options, type 12, which is the sum of the two values.
29. Select the action from the Action list:
Permit — Allows access if the conditions in the ACE are matched
Deny — Refuses access if the conditions in the ACE are matched
30. To mark the packet with a CoS value, select a value in the CoS field.
By default, the CoS Value is -1 (any).
31. If you have multiple rules configured, you can adjust the rule placement in the list by using the arrows at the end of each row to move the rule up or down in the list.
32. Click OK to save the configuration.
33. To delete a rule, select it from the list and click Delete.

Table 1: CoS Values
Packet Priority   Desired CoS Value   AP Forwarding Queue Assignment
Background        1 or 2              4
Best Effort       0 or 3              3
Video             4 or 5              2
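The ordering rule stated after step 13 (the first matching ACE decides, and the non-editable deny-all ACE always sits last) together with the port comparison operators of step 18, as an added Python model that is not part of the Juniper documentation. The ACE field names, the protocol-number subset and the sample ACL and packet are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
# Added example, not Juniper code: models how a WLC walks an ACL from the top,
# applies the first ACE that matches and otherwise hits the deny-all ACE that
# ends every ACL. Field, function and sample names are assumptions.
PROTOCOL_NUMBERS = {"any": None, "icmp": 1, "tcp": 6, "udp": 17}

def port_matches(operator, port_number, range_end, packet_port):
    """Apply one of the step-18 comparison operators to a packet's port."""
    if operator == "none":  # no comparison required
        return True
    return {"lt": packet_port < port_number,
            "gt": packet_port > port_number,
            "eq": packet_port == port_number,
            "neq": packet_port != port_number,
            "range": port_number <= packet_port <= range_end}[operator]

@dataclass
class Ace:
    action: str                    # "permit" or "deny"
    src: str = "0.0.0.0/0"         # source IP with subnet mask
    dst: str = "0.0.0.0/0"         # destination IP with subnet mask
    protocol: str = "any"
    dport: tuple = ("none", 0, 0)  # (operator, port number, range end)

    def matches(self, pkt):
        if (ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src)
                or ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst)):
            return False
        proto = PROTOCOL_NUMBERS[self.protocol]
        if proto is not None and proto != pkt["proto"]:
            return False
        if pkt["proto"] not in (6, 17):  # port operators apply to TCP/UDP only
            return self.dport[0] == "none"
        return port_matches(*self.dport, pkt.get("dport", 0))

def evaluate(acl, pkt):
    """Return (action, index) of the first matching ACE; -1 = implicit deny-all."""
    for index, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, index
    return "deny", -1

# Constructed sample ACL: permit HTTPS to the 10.0.0.0/8 servers, then deny
# other TCP traffic to well-known ports; everything else reaches deny-all.
SAMPLE_ACL = [
    Ace("permit", dst="10.0.0.0/8", protocol="tcp", dport=("eq", 443, 0)),
    Ace("deny", protocol="tcp", dport=("range", 1, 1023)),
]
HTTPS = {"src": "192.168.1.20", "dst": "10.1.2.3", "proto": 6, "dport": 443}
```

Evaluating HTTPS against SAMPLE_ACL permits it at index 0, while the same packet against the reversed list is denied by the range rule, which is exactly why the up/down arrows in steps 11 and 31 matter.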
Editing an Access Control List (ACL)