User's Manual
377 | Roles and Policies Dell Networking W-Series ArubaOS 6.4.x| User Guide
RADIUS-authenticated clients, however the VSAs must be present on your RADIUS server. This involves
defining the vendor (Dell) and/or the vendor-specific code (14823), vendor-assigned attribute number,
attribute format (such as string or integer), and attribute value in the RADIUS dictionary file. VSAs supported
on controllers conform to the format recommended in RFC 2865, “Remote Authentication Dial In User Service
(RADIUS)”.
For more information on Dell VSAs, see RADIUS Server VSAs on page 228. Dictionary files that contain Dell
VSAs are available on the Dell support website for various RADIUS servers. Log into the Dell support website to
download a dictionary file from the Tools folder.
Understanding Global Firewall Parameters
Table 64 describes optional firewall parameters you can set on the controller for IPv4 traffic. To set these
options in the WebUI, navigate to the Configuration > Advanced Services > Stateful Firewall > Global
Setting page and select or enter values in the IPv4 column. To set these options in the CLI, use the firewall
configuration commands.
See IPv6 Support on page 175 for information about configuring firewall parameters for IPv6 traffic.
Parameter Description
Monitor Ping Attack (per 30
seconds)
Number of ICMP pings per 30 second, which if exceeded, can indicate a
denial of service attack. Valid range is 1-16384 pings per 30 seconds.
Recommended value is 120.
Default: No default
Monitor TCP SYN Attack rate
(per 30 seconds)
Number of TCP SYN messages per 30 second, which if exceeded, can
indicate a denial of service attack. Valid range is 1-16384 pings per 30
seconds.
Recommended value is 960.
Default: No default
Monitor IP Session Attack (per
30 seconds)
Number of TCP or UDP connection requests per 30 second, which if
exceeded, can indicate a denial of service attack. Valid range is 1-16384
requests per 30 seconds.
Recommended value is 960.
Default: No default
Monitor/Police ARP Attack (non
Gratuitous ARP) rate (per 30
seconds)
Number of ARP packets (other than Gratuitous ARP packets) per 30
seconds, which if exceeded, can indicate a denial of service attack. Valid
range is 1-16384 packets per 30 seconds.
Recommended value is 960.
Default: No default
NOTE: Blacklisting of wired clients is not supported.
Monitor/Police CP Attack rate
(per 30 seconds)
Rate of misbehaving user’s traffic, which if exceeded, can indicate a
denial or service attack.
Recommended value is 3000 frames per 30 seconds.
Default: No default
Monitor/Police Gratuitous ARP
Attack rate (per 30 seconds)
Number of Gratuitous ARP packets per 30 seconds, which if exceeded,
can indicate denial of service attack. Valid range is 1-16384 packets per
30 seconds.
Recommended value is 50.
Default: 50
NOTE: Blacklisting of wired clients is not supported.
Table 64: IPv4 Firewall Parameters