Table of Contents
Advertisement
ipv6 firewall
ipv6 firewall
attack-rate {ping <number>|session <number>|tcp-syn <number>}
deny-inter-user-bridging |
drop-ip-fragments |
enable-per-packet-logging |
enforce-tcp-handshake |
prohibit-ip-spoofing |
prohibit-rst-replay |
session-idle-timeout <seconds> |
session-mirror-destination {ip-address <ipaddr>}|{port <slot/<port>}
Description
This command configures firewall options on the controller for IPv6 traffic.
Syntax
Parameter
attack-rate
ping
session
tcp-syn
deny-inter-user-
bridging
drop-ip-frag
ments
enable-per-pac
ket-logging
enforce-tcp-
handshake
Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide
Description
Sets rates which, if exceeded, can indicate a denial of service
attack.
Number of ICMP pings per second, which if exceeded, can
indicate a denial of service attack. Recommended value is 4
Number of TCP or UDP connection requests per second, which
if exceeded, can indicate a denial of service attack.
Recommended value is 32.
Number of TCP SYN messages per second, which if exceeded,
can indicate a denial of service attack. Recommended value is
32.
Prevents the forwarding of Layer-2 traffic between wired or
wireless users. You can configure user role policies that
prevent Layer-3 traffic between users or networks but this does
not block Layer-2 traffic. This option can be used to prevent
Appletalk or IPX traffic from being forwarded.
When enabled, all IP fragments are dropped. You should not
enable this option unless instructed to do so by an Dell
representative.
Enables logging of every packet if logging is enabled for the
corresponding session rule. Normally, one event is logged per
session. If you enable this option, each packet in the session is
logged. You should not enable this option unless instructed to
do so by an Dell representative, as doing so may create
unnecessary overhead on the controller.
Prevents data from passing between two clients until the three-
way TCP handshake has been performed. This option should
be disabled when you have mobile clients on the network as
enabling this option will cause mobility to fail. You can enable
this option if there are no mobile clients on the network.
Range
Default
1-255
—
1-255
—
1-255
—
—
disabled
—
disabled
—
disabled
—
disabled
ipv6 firewall | 343
Advertisement
Table of Contents
