Configuring and Managing Security ACLs 377Nortel WLAN Security Switch 2300 Series Configuration GuideEnabling SVP Optimization for SpectraLink PhonesYou can configure WSS Software to prioritize voice traffic for VoIP phones that use SpectraLink Voice Priority (SVP).If you disable WMM support and enable SVP support, WSS Software ensures voice quality for SpectraLink phonesusing SVP by allocating CoS queues 6 and 7 on the MAP for distinct SVP treatment as well as forwarding all trafficfrom that queue before forwarding traffic from other queues.You can enable SVP optimization on a VLAN, port group, port list, virtual port list, Distributed AP, or user wildcard. Toenable SVP optimization, disable WMM support on the radio profile that serves the SVP users, configure an ACL thatassigns traffic for IP protocol 119 to CoS queue 6 or 7, and map the ACL to the outbound traffic direction.For example, to enable SVP support for all users in VLAN corp_vlan, perform the following steps:1 Disable WMM support on the radio profile that will serve SVP users, to enable SVP optimization on APforwarding queues 6 and 7 for radios managed by that radio profile:23x0# set radio-profile radprofsvp wmm disable2 Configure an ACE in ACL svp that assigns IP protocol 119 traffic for all source and destination addressesto CoS queue 7:23x0# set security acl ip svp permit cos 7 119 0.0.0.0 255.255.255.255 0.0.0.0255.255.255.2553 Configure another ACE to change the default action of the ACL from deny to permit. Otherwise, theACL permits only voice traffic that matches the previous ACE and denies all other traffic.23x0# set security acl ip svp permit 0.0.0.0 255.255.255.2554 Commit the ACL to the configuration:23x0# commit security acl svp5 Map the ACL to the outbound traffic direction of VLAN corp_vlan:23x0# set security acl map voip vlan corp_vlan outSecurity ACL Configuration ScenarioThe following scenario illustrates how to create a security ACL named acl-99 that consists of one ACE to permitincoming packets from one IP address, and how to map the ACL to a port and a user:1 Type the following command to create and name a security ACL and add an ACE to it.23x0# set security acl ip acl-99 permit 192.168.1.1 0.0.0.02 To view the ACE you have entered, type the following command:23x0# show security acl editbufferACL Type Status---------------------------------- ---- -------------acl-99 IP Not committed3 To save acl-99 and its associated ACE to the configuration, type the following command:23x0# commit security acl acl-99