Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200

221

222

223

224

225

226

227

228

229

230

221 | IPv6 Support Dell Networking W-Series ArubaOS 6.4.x| User Guide

Field Description

Queue

(optional)

The queue in which a packet matching this rule should be placed. Select High for higher

priority data, such as voice, and Low for lower priority traffic.

Time Range

(optional)

Time range for which this rule is applicable. You configure time ranges in the

Configuration > Security > Access Control > Time Ranges page.

Black List

(optional)

Automatically blacklists a client that is the source or destination of traffic matching this

rule. This option is recommended for rules that indicate a security breach where the

blacklisting option can be used to prevent access to clients that are attempting to breach

the security.

TOS

(optional)

Value of type of service (TOS) bits to be marked in the IP header of a packet matching this

rule when it leaves the controller.

802.1p

Priority

(optional)

Value of 802.1p priority bits to be marked in the frame of a packet matching this rule

when it leaves the controller.

Table 40: IPv6 Firewall Policy Rule Parameters

The following example creates a policy "ipv6-web-only" that allows only web (HTTP and HTTPS) access for IPv6

clients and assigns the policy to the user role “web-guest."

The user role “web-guest” can include both IPv6 and IPv4 policies, although this example only shows configuration of

an IPv6 policy.

Creating an IPv6 Firewall Policy

Following the procedure below to create an IPv6 firewall policy via the WebUI.

1. Navigate to the Configuration > Security > Access Control > Policies page.

2. Click Add to create a new policy.

3. Enter ipv6-web-only for the Policy Name.

4. To configure a firewall policy, select Session for Policy Type.

5. Click Add to add a rule that allows HTTP traffic.

a. Under IP Version column, select IPv6.

b. Under Source, select network from the drop-down list.

c. For Host IP, enter 2002:d81f:f9f0:1000::.

d. For Mask, enter 64as the prefix-length.

e. Under Service, select service from the drop-down list.

f. Select svc-http from the scrolling list.

g. Click Add.

6. Click Add to add a rule that allows HTTPS traffic.

a. Under IP Version column, select IPv6.

b. Under Source, select network from the drop-down list.

c. For Host IP, enter 2002:d81f:f9f0:1000::.

d. For Mask, enter 64 as the prefix-length.

e. Under Service, select service from the drop-down list.