User's Manual

ManualsBrandsDell ManualsComputer equipmentPowerConnect W-6000

1041

l Network packets where the source address of the network packet is defined as being on a broadcast

network (source address == 255.255.255.255)

l Network packets where the source address of the network packet is defined as being on a multicast

network (source address = 224.0.0.0 – 239.255.255.255)

l Network packets where the source address of the network packet is defined as being a loopback address

(127.0.0.1 through 127.255.255.254)

l Network packets where the source or destination address of the network packet is a link-local address

(169.254.0.0/16)

l Network packets where the source or destination address of the network packet is defined as being an

address “reserved for future use” as specified in RFC 5735 for IPv4; (240.0.0.0/4)

l Network packets where the source or destination address of the network packet is defined as an

“unspecified address”(::/128) or an address “reserved for future definition and use”(addresses other than

2000::/3) as specified in RFC 3513 for IPv6. The IPv6 “an unspecified address”(::/128) is currently being

checked in datapath and the packet is dropped. This is the default behavior and you can view the logs by

enabling firewall enable-per-packet-logging configuration.

Roles

The following are predefined roles.

If you upgrade from a previous ArubaOS release, your existing configuration may have additional or different

predefined roles. The information in this section only describes the predefined roles for this release.

Predefined Role Description

user-role ap-role

session-acl control

session-acl ap-acl

This is an internal role and should not be edited.

user-role default-vpn-role

session-acl allowall

ipv6 session-acl v6-allowall

This is the default role used for VPN-connected clients. It is

referenced in the default "aaa authentication vpn" profile.

user-role voice

session-acl sip-acl

session-acl noe-acl

session-acl svp-acl

session-acl vocera-acl

session-acl skinny-acl

session-acl h323-acl

session-acl dhcp-acl

session-acl tftp-acl

session-acl dns-acl

session-acl icmp-acl

This role can be applied to voice devices in order to

automatically permit and prioritize all VoIP protocols.

user-role guest

session-acl http-acl

session-acl https-acl

session-acl dhcp-acl

session-acl icmp-acl

session-acl dns-acl

ipv6 session-acl v6-http-acl

This is a default role for guest users. It permits only HTTP,

HTTPS, DHCP, ICMP, and DNS for the guest user. To

increase security, a "deny" rule for internal network

destinations could be added at the beginning.

Table 231: Predefined Roles

Dell Networking W-Series ArubaOS 6.4.x | User Guide Behavior and Defaults | 1047