Using Access Control Lists for Security 351Use 6 or 7 only for SpectraLink VoIP phones. For other VoIP phones, use4 or 5.By default, the CoS level is -1, which indicates that class of service is notspecified.5 To enable counting of packets filtered by an ACL, select Enable HitCount.6 In the Source IP box, type the source IP address and source wildcard maskin classless interdomain routing (CIDR) notation (for example,10.10.10.10/16).A wildcard mask is a 32-bit quantity used with the IP address todetermine which bits in the address to ignore when compared withanother IP address. Source and destination IP addresses andcorresponding wildcard masks determine whether to forward or filterpackets.The ACL checks the bits in IP addresses that correspond to zeros in themask, but does not check the bits that correspond to ones. The zero bitmust start at the beginning of the wildcard mask and must becontiguous.For example, if you specify 10.2.3.4/24, the source wildcard mask is0.0.0.255.To specify any IP address, use 0.0.0.0/0.7 In the Destination IP box, type the destination IP address and destinationwildcard mask in CIDR notation.8 In the TOS box, type a TOS value from -1 to 15.The following lists specific values and their meanings:■ -1 (any) — All packets are subject to the ACE regardless of whetherTOS is set.■ 0 (normal) — Packets with normal TOS defined are filtered.Packet PriorityDesired CoS ValueMAP CoS QueueAssignedBackground 1 or 2 Class 3Best effort 0 or 3 Class 2Video 4 or 5 Class 1Voice 6 or 7 Class high
