User's Manual

| Parameter | Description |
|---|---|
| Deny Inter User Bridging | Prevents the forwarding of Layer-2 traffic between wired or wireless users. You can configure user role policies that prevent Layer-3 traffic between users or networks, but this does not block Layer-2 traffic. This option can be used to prevent traffic, such as AppleTalk or IPX, from being forwarded. Default: Disabled |
| Deny Inter User Traffic | Denies traffic between untrusted users by disallowing Layer-2 and Layer-3 traffic. This parameter does not depend on the deny-inter-user-bridging parameter being enabled or disabled. Default: Disabled |
| Deny Source Routing | Permits the firewall to reject and log packets with the specified IP options: loose source routing, strict source routing, and record route. Note that network packets where the IPv6 source or destination address of the network packet is defined as a "link-local address" (fe80::/64) are permitted. Default: Disabled |
| Deny All IP Fragments | Drops all IP fragments. NOTE: Do not enable this option unless instructed to do so by a Dell representative. Default: Disabled |
| Enforce TCP Handshake Before Allowing Data | Prevents data from passing between two clients until the three-way TCP handshake has been performed. This option should be disabled when you have mobile clients on the network, as enabling this option will cause mobility to fail. You can enable this option if there are no mobile clients on the network. Default: Disabled |
| Prohibit IP Spoofing | Enables detection of IP spoofing (where an intruder sends messages using the IP address of a trusted client). When this option is enabled, source and destination IP and MAC addresses are checked for each ARP request/response. Traffic from a second MAC address using a specific IP address is denied, and the entry is not added to the user table. Possible IP spoofing attacks are logged and an SNMP trap is sent. Default: Enabled |
| Prohibit RST Replay Attack | When enabled, closes a TCP connection in both directions if a TCP RST is received from either direction. You should not enable this option unless instructed to do so by a Dell representative. Default: Disabled |
| Log ICMP Errors | Enables logging of received ICMP errors. You should not enable this option unless instructed to do so by a Dell representative. Default: Disabled |
| Stateful SIP Processing | Disables monitoring of exchanges between a voice over IP or voice over WLAN device and a SIP server. This option should be enabled only when there is no VoIP or VoWLAN traffic on the network. Default: Disabled (stateful SIP processing is enabled) |
| Allow Tri-session with DNAT | Allows a three-way session when performing destination NAT. This option should be enabled when the controller is not the default gateway for wireless clients and the default gateway is behind the controller. This option is typically used for captive portal configuration. Default: Disabled |
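
The Prohibit IP Spoofing check described in the table, as an added Python sketch that is not Dell or ArubaOS code: it models the rule that a second MAC address claiming an already-bound IP is denied, logged, and kept out of the user table. The `SpoofGuard` class, its learning behaviour, and the sample ARP packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

ZERO_MAC = "00:00:00:00:00:00"  # target MAC field of an ARP request (not yet known)


@dataclass
class SpoofGuard:
    """Simplified model (hypothetical): the first MAC seen for an IP owns that IP."""
    user_table: dict = field(default_factory=dict)  # IP -> owning MAC
    alerts: list = field(default_factory=list)      # stand-in for log entry + SNMP trap

    def check_arp(self, sender_ip, sender_mac, target_ip, target_mac):
        """Return True to allow the ARP packet, False to deny it."""
        pairs = [(sender_ip, sender_mac.lower())]
        if target_mac.lower() != ZERO_MAC:  # replies also carry the target binding
            pairs.append((target_ip, target_mac.lower()))
        # Deny if any IP in the packet is already bound to a different MAC.
        for ip, mac in pairs:
            owner = self.user_table.get(ip)
            if owner is not None and owner != mac:
                self.alerts.append(
                    f"possible IP spoofing: {ip} claimed by {mac}, bound to {owner}")
                return False  # denied; no entry is added or changed
        # Assumption: only the sender's own binding is learned from the packet.
        self.user_table.setdefault(sender_ip, sender_mac.lower())
        return True


# Constructed sample ARP traffic (documentation IPs, locally administered MACs).
SAMPLE_ARP = [
    ("192.0.2.10", "02:00:00:00:00:0a", "192.0.2.1", ZERO_MAC),             # request
    ("192.0.2.1", "02:00:00:00:00:01", "192.0.2.10", "02:00:00:00:00:0a"),  # reply
    ("192.0.2.10", "02:00:00:00:00:ee", "192.0.2.1", ZERO_MAC),             # second MAC
    ("192.0.2.10", "02:00:00:00:00:0A", "192.0.2.1", "02:00:00:00:00:01"),  # owner again
]


def run_sample():
    """Run the constructed packets through a fresh guard."""
    guard = SpoofGuard()
    verdicts = [guard.check_arp(*pkt) for pkt in SAMPLE_ARP]
    return verdicts, guard


if __name__ == "__main__":
    verdicts, guard = run_sample()
    print(verdicts)
    print(guard.alerts)
```

The third packet is the only one denied, and the legitimate owner's later traffic still passes because the denied claim never altered the table.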
Dell Networking W-Series ArubaOS 6.4.x | User Guide Roles and Policies | 378