Release Notes
487 | ipv6 firewall Dell Networking W-Series ArubaOS 6.4.x| Reference Guide
ipv6 firewall
ipv6 firewall
attack-rate {ping <number>|session <number>|tcp-syn <number>}
deny-inter-user-bridging |
drop-ip-fragments |
enable-per-packet-logging |
enforce-tcp-handshake |
prohibit-ip-spoofing |
prohibit-rst-replay |
session-idle-timeout <seconds> |
session-mirror-destination {ip-address <ipaddr>}|{port <slot/<port>}
Description
This command configures firewall options on the controller for IPv6 traffic.
Syntax
Parameter Description Range Default
attack-rate
Sets rates which, if exceeded, can indicate a denial
of service attack.
ping
Number of ICMP pings per 30 seconds, which if
exceeded, can indicate a denial of service attack.
Recommended value is 120.
1-16384 —
session
Number of TCP or UDP connection requests per 30
seconds, which if exceeded, can indicate a denial
of service attack. Recommended value is 960.
1-16384 —
tcp-syn
Number of TCP SYN messages per 30 seconds,
which if exceeded, can indicate a denial of service
attack. Recommended value is 960.
1-16384 —
deny-inter-user-bridging
Prevents the forwarding of Layer-2 traffic between
wired or wireless users. You can configure user
role policies that prevent Layer-3 traffic between
users or networks but this does not block Layer-2
traffic. This option can be used to prevent
Appletalk or IPX traffic from being forwarded.
— disabled
drop-ip-frag
ments
When enabled, all IP fragments are dropped. You
should not enable this option unless instructed to
do so by a Dell representative.
— disabled
enable-per-pac
ket-logging
Enables logging of every packet if logging is
enabled for the corresponding session rule.
Normally, one event is logged per session. If you
enable this option, each packet in the session is
logged. You should not enable this option unless
instructed to do so by a Dell representative, as
doing so may create unnecessary overhead on the
controller.
— disabled