Predefined Policy Description
ip access-list session validuser
any any any permit
This firewall rule controls which users will be added to the
user-table of the switch through untrusted interfaces.
Only IP addresses permitted by this ACL will be admitted
to the system for further processing. If a client device
attempts to use an IP address that is denied by this rule,
the client device will be ignored by the switch and given
no network access. You can use this rule to restrict
foreign IP addresses from being added to the user-table.
This policy should not be applied to any user role, it is an
internal system policy.
ip access-list session vocera-acl
any any svc-vocera permit queue high
Use for Vocera VoIP devices to automatically permit and
prioritize Vocera traffic.
ip access-list session icmp-acl
any any svc-icmp permit
Permits all ICMP traffic.
ip access-list session sip-acl
any any svc-sip-udp permit queue high
any any svc-sip-tcp permit queue high
Use for SIP VoIP devices to automatically permit and
prioritize all SIP control and data traffic.
ip access-list session https-acl
any any svc-https permit
Permits all HTTPS traffic.
ip access-list session dns-acl
any any svc-dns permit
Permits all DNS traffic.
ip access-list session logon-control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
The default pre-authentication role that should be used
by all wireless clients. Prohibits the client from acting as a
DHCP server. Permits all ICMP, DNS, and DHCP. Also
permits IPsec NAT-T (UDP 4500). Remove NAT-T if not
needed.
ip access-list session srcnat
user any any src-nat
This policy can be used to source-NAT all traffic. Because
no NAT pool is specified, traffic that matches this policy
will be source NATed to the IP address of the switch.
ip access-list session skinny-acl
any any svc-sccp permit queue high
Use for Cisco Skinny VoIP devices to automatically permit
and prioritize VoIP traffic.
ip access-list session tftp-acl
any any svc-tftp permit
Permits all TFTP traffic.
ip access-list session guest
This policy is not used.
ip access-list session dhcp-acl
any any svc-dhcp permit
Permits all DHCP traffic. If DHCP is not allowed, clients
will not be able to request or renew IP addresses.
ip access-list session http-acl
any any svc-http permit
Permits all HTTP traffic.
ip access-list session svp-acl
any any svc-svp permit queue high
user host 224.0.1.116 any permit
Use for Spectralink VoIP devices to automatically permit
and prioritize Spectralink Voice Protocol (SVP).
AOS-W 6.5.3.x | User Guide Behavior and Defaults | 1092
To Next Page
Loading...