Concept Guide
Table Of Contents
- Revision History
- The ArubaOS Command-Line Interface
- aaa auth-survivability
- aaa authentication captive-portal
- aaa authentication dot1x
- aaa authentication mac
- aaa authentication mgmt
- aaa authentication-server internal
- aaa authentication-server ldap
- aaa authentication-server radius
- aaa authentication-server tacacs
- aaa authentication-server windows
- aaa authentication stateful-dot1x
- aaa authentication stateful-dot1x clear
- aaa authentication stateful-kerberos
- aaa authentication stateful-ntlm
- aaa authentication via auth-profile
- aaa authentication via connection-profile
- aaa authentication via global-config
- aaa authentication via web-auth
- aaa authentication vpn
- aaa authentication wired
- aaa authentication wispr
- aaa bandwidth-contract
- aaa derivation-rules
- aaa dns-query-interval
- aaa inservice
- aaa ipv6 user add
- aaa ipv6 user clear-sessions
- aaa ipv6 user delete
- aaa ipv6 user logout
- aaa log
- aaa password-policy mgmt
- aaa profile
- aaa query-user
- aaa radius-attributes
- aaa rfc-3576-server
- aaa server-group
- aaa tacacs-accounting
- aaa test-server
- aaa timers
- aaa trusted-ap
- aaa user add
- aaa user clear-sessions
- aaa user delete
- aaa user fast-age
- aaa user logout
- aaa user monitor
- aaa user purge-log
- aaa user stats-poll
- aaa xml-api
- activate
- activate-service-whitelist
- adp
- airgroup
- airgroupservice
- airgroup static mdns-record
- am
- amon msg-buffer-size
- ap authorization-profile
- ap consolidated-provision info
- ap-crash-transfer
- ap debug advanced-stats
- ap debug client-trace start
- ap debug client-trace stop
- ap debug dot 11r remove-key
- ap debug radio-event-log
- ap debug radio-registers dump
- ap enet-link-profile
- ap flush-r1-on-new-r0
- ap image-preload
- ap-lacp-striping-ip
- ap lldp med-network-policy-profile
- ap lldp profile
- ap mesh-cluster-profile
- ap mesh-ht-ssid-profile
- ap mesh-radio-profile
- ap provisioning-profile
- ap packet-capture
- ap process restart
- ap regulatory activate
- ap regulatory-domain-profile
- ap regulatory reset
- ap spectrum clear-webui-view-settings
- ap spectrum local-override
- ap system-profile
- ap wipe out flash
- ap wired-ap-profile
- ap wired-port-profile
- apboot
- apconnect
- apdisconnect
- apflash [deprecated]
- ap-group
- ap-leds
- ap-move
- ap-name
- ap-regroup
- ap-rename
- app skype4b traffic-control
- arm move-sta
- arp
- audit-trail
- backup
- banner motd
- block-redirect-url
- boot
- cellular profile
- cfgm
- clear
- clear aaa auth-survivability-cache
- clear wms wired-mac
- clock append
- clock set
- clock summer-time recurring
- clock timezone
- cluster-member-custom-cert
- cluster-member-factory-cert
- cluster-member-ip
- cluster-root-ip
- configure terminal
- control-plane-security
- controller-ip
- controller-ipv6
- copy
- cp-bandwidth-contract
- crypto-local ipsec sa-cleanup
- crypto dynamic-map
- crypto ipsec
- crypto isakmp
- crypto isakmp block-aruba-ca
- crypto isakmp policy
- crypto-local ipsec-map
- crypto-local isakmp allow-via-subnet-routes
- crypto-local isakmp ca-certificate
- crypto-local isakmp certificate-group
- crypto-local isakmp disable-aggressive-mode
- crypto_local isakmp disable-ipcomp
- crypto-local isakmp dpd
- crypto-local isakmp key
- crypto-local isakmp permit-invalid-cert
- crypto-local isakmp sa-cleanup
- crypto-local isakmp server-certificate
- crypto-local isakmp xauth
- crypto-local pki
- crypto-local pki rcp
- crypto map global-map
- crypto
- crypto
- crypto pki-import
- database synchronize
- delete
- destination
- dialer group
- dir
- disable-whitelist-sync
- dot1x
- dpi
- dynamic-ip
- eject usb
- enable
- enable bypass
- enable secret
- encrypt
- esi group
- esi parser domain
- esi parser rule
- esi parser rule‑test
- esi ping
- esi server
- exit
- export
- file syncing profile
- fips
- firewall
- firewall cp
- firewall cp-bandwidth-contract
- firewall-visibility
- gateway health-check disable
- guest-access-email
- ha
- halt
- help
- hostname
- iap del branch-key
- iap trusted-branch-db
- ids ap-classification-rule change
- ids ap-rule-matching
- ids dos-profile
- ids general-profile
- ids impersonation-profile
- ids management-profile
- ids profile
- ids rate-thresholds-profile
- ids signature-matching-profile
- ids signature-profile
- ids unauthorized-device-profile
- ids wms-general-profile
- ids wms-local system-profile
- ifmap
- Interface cellular
- interface fastethernet | gigabitethernet
- interface loopback
- interface port-channel
- interface-profile voip-profile
- interface range
- interface tunnel
- interface vlan
- interface vlan ipv6
- interface vlan ip igmp proxy
- ip access-list eth
- ip access-list extended
- ip access-list ip-geolocation
- ip access-list mac
- ip access-list route
- ip access-list session
- ip access-list standard
- ip cp-redirect-address
- ip default-gateway
- ip dhcp excluded-address
- ip dhcp pool
- ip domain lookup
- ip domain-name
- ip igmp
- ip local
- ip mobile active-domain
- ip mobile domain
- ip mobile foreign-agent
- ip mobile home-agent
- ip mobile packet-trace
- ip mobile proxy
- ip mobile revocation
- ip name-server
- ip nat
- ip nexthop-list
- ip ospf
- ip probe default
- ip probe health-check
- ip radius
- ids rap-wml-server-profile
- ids rap‑wml-table-profile
- ip reputation
- ip route
- ipv6 cp-redirect-address
- ipv6 default-gateway
- ipv6 dhcp excluded-address
- ipv6 dhcp pool
- ipv6 enable
- ipv6 firewall
- ipv6 neighbor
- ipv6 mld
- ipv6 proxy-ra
- ipv6 radius
- ipv6 route
- kernel coredump
- lacp group
- lacp port-priority
- lacp system-priority
- lacp timeout
- lcd-menu
- license
- local-custom-cert
- local-factory-cert
- localip
- local-userdb add
- local-userdb-ap del
- local-userdb-branch
- local-userdb del
- local-userdb export
- local-userdb fix-database
- local-userdb-guest add
- local-userdb-guest del
- local-userdb-guest modify
- local-userdb-guest send-email
- local-userdb import
- local-userdb maximum-expiration
- local-userdb modify
- local-userdb-branch
- local-userdb send-to-guest
- local-userdb send-to-sponsor
- location
- location-server-feed
- logging
- logging facility
- logging level
- loginsession
- logout
- mac-address-table
- master-redundancy master-vrrp
- masterip
- master-redundancy peer-ip
- mgmt-server profile
- mgmt-server type
- mgmt-user
- mobility-manager
- netdestination
- netdestination6
- netexthdr
- netservice
- ntp authenticate
- ntp authentication-key
- ntp server
- ntp standalone
- ntp trusted-key
- packet-capture
- packet-capture-defaults
- page
- paging
- pan active-profile
- pan profile
- panic
- pan-options
- papi-security
- perf-test
- pcap (deprecated)
- phonehome
- ping
- pkt-trace
- pkt-trace-global
- pptp ip local pool
- priority-map
- process monitor
- prompt
- provision-ap
- reload
- rename
- restore
- rf am-scan-profile
- rft
- rf arm-rf-domain-profile
- rf arm-profile
- rf dot11a-radio-profile
- rf dot11g-radio-profile
- rf event-thresholds-profile
- rf ht-radio-profile
- rf optimization-profile
- rf spectrum-profile
- router mobile
- router ospf
- routing-policy-map
- service
- show aaa accounting tacacs
- show aaa authentication all
- show aaa authentication captive-portal
- show aaa authentication captive-portal customization
- show aaa authentication dot1x
- show aaa authentication mac
- show aaa authentication mgmt
- show aaa authentication stateful-dot1x
- show aaa authentication stateful-ntlm
- show aaa authentication via auth-profile
- show aaa authentication via connection-profile
- show aaa authentication via web-auth
- show aaa authentication vpn
- show aaa authentication wired
- show aaa authentication wispr
- show aaa authentication-server all
- show aaa authentication-server internal
- show aaa authentication-server ldap
- show aaa authentication-server radius
- show aaa authentication-server tacacs
- show aaa authentication-server windows
- show aaa bandwidth-contracts
- show aaa debug
- show aaa derivation-rules
- show aaa dns-query-interval
- show aaa fqdn-server-names
- show aaa load-balance statistics
- show aaa main-profile
- show aaa password-policy mgmt
- show aaa profile
- show aaa radius-attributes
- show aaa rfc-3576-server
- show aaa server-group
- show aaa state ap-group
- show aaa state configuration
- show aaa state debug-statistics
- show aaa state log
- show aaa state messages
- show aaa state station
- show aaa state user
- show aaa tacacs-accounting
- show aaa timers
- show aaa web admin-port
- show aaa xml-api server
- show aaa xml-api statistics
- show acl ace-table
- show acl acl-table
- show acl hits
- show activate-service-whitelist
- show adp config
- show adp counters
- show airgroup
- show airgroup active-domains
- show airgroup blocked-queries
- show airgroup blocked-service-id
- show airgroup cache entries
- show airgroup cppm
- show airgroup cppm-server
- show airgroup domain
- show airgroup internal-state statistics
- show airgroup global-credits
- show airgroup multi-controller-table
- show airgroup servers
- show airgroup status
- show airgroup users
- show airgroup vlan
- show airgroupservice
- show ap active
- show ap-group
- show ap-name
- show ap allowed-channels
- show ap ap-group
- show ap arm client-match history
- show ap arm client-match neighbors
- show ap arm client-match Pending
- show ap arm client-match probe-report
- show ap arm client-match restriction-table
- show ap arm client-match summary
- show ap arm client-match unsupported
- show ap arm history
- show ap arm neighbors
- show ap arm rf-summary
- show ap arm scan-times
- show ap arm split-scan-history
- show ap arm state
- show ap arm status
- show ap arm virtual-beacon-report
- show ap association
- show ap association remote
- show ap authorization-profile
- show ap blacklist-clients
- show ap bss-table
- show ap bw-report
- show ap client status
- show ap client trail-info
- show ap config
- show ap consolidated-provision info
- show ap-crash-transfer
- show ap database
- show ap database-summary
- show ap debug bandwidth-management
- show ap debug ble-config
- show ap debug ble-counters
- show ap debug ble-log
- show ap debug ble-table
- show ap debug ble-update-status
- show ap debug bss-config
- show ap debug bss-stats
- show ap debug client-deauth-reason-counters
- show ap debug client-mgmt-counters
- show ap debug client-stats
- show ap debug client-table
- show ap debug client-trace
- show ap debug counters
- show ap debug crash-info
- show ap debug crypto
- show ap debug datapath
- show ap debug dot11r
- show ap debug dot11r state
- show ap debug driver-log
- show ap debug gre-tun-stats
- show ap debug gsm-counters
- show ap debug ipc forwarding-statistics
- show ap debug lacp
- show ap debug lldp
- show ap debug log
- show ap debug config-msg-history
- show ap debug dot11r state
- show ap debug port status
- show ap debug radar-logs
- show ap debug radio-event-log status
- show ap debug radio-info
- show ap debug radio-registers
- show ap debug radio-stats
- show ap debug received-config
- show ap debug shaping-table
- show ap debug spanning-tree
- show ap debug switching
- show ap debug system-status
- show ap debug trace-addr
- show ap debug usb
- show ap details
- show ap enet-link-profile
- show ap essid
- show ap ht-rates
- show ap image-preload-status (deprecated)
- show ap image-preload status
- show ap image version
- show ap-lacp-striping-ip
- show ap license-usage
- show ap lldp
- show ap lldp counters
- show ap lldp med-network-policy-profile
- show ap lldp neighbors
- show ap load-balancing
- show ap mesh active
- show ap mesh-cluster-profile
- show ap mesh debug counters
- show ap mesh debug current-cluster
- show ap mesh debug forwarding-table
- show ap mesh debug hostapd-log
- show ap mesh debug meshd-log
- show ap mesh debug provisioned-clusters
- show ap mesh-ht-ssid-profile
- show ap mesh neighbors
- show ap mesh-radio-profile
- show ap mesh tech-support
- show ap mesh topology
- show ap monitor
- show ap monitor association
- show ap monitor debug
- show ap monitor stats
- show ap packet capture
- show ap papi-err
- show ap port status
- show ap profile-usage
- show ap provisioning
- show ap provisioning-profile
- show ap radio-database
- show ap radio-summary
- show ap regulatory
- show ap regulatory-domain-profile
- show ap remote counters
- show ap remote debug anul-sta-entries
- show ap remote debug association
- show ap remote debug association
- show ap remote debug association-failure
- show ap remote debug bss-config
- show ap remote debug client-mgmt-counters
- show ap remote debug flash-config
- show ap remote debug mgmt-frames
- show ap snmp
- show ap spectrum ap-list
- show ap spectrum channel-metrics
- show ap spectrum channel-summary
- show ap spectrum client-list
- show ap spectrum debug
- show ap spectrum debug fft
- show ap spectrum debug monitors
- show ap spectrum debug status
- show ap spectrum device-duty-cycle
- show ap spectrum device-history
- show ap spectrum device-list
- show ap spectrum device-log
- show ap spectrum device-summary
- show ap spectrum interference-power
- show ap spectrum-load-balancing
- show ap spectrum local-override
- show ap spectrum monitors
- show ap spectrum technical-support
- show ap standby
- show ap system-profile
- show ap tech-support
- show ap vht-rates
- show ap virtual-beacon-report
- show ap vlan-usage
- show ap wired-ap-profile
- show ap wired-port-profile
- show ap wired stats
- show ap wmm-flow
- show app skype4b call-cdrs
- show app skype4b call-quality
- show app skype4b client-status
- show app skype4b tracebuf
- show app skype4b traffic-control
- show ap-group
- show ap-name
- show arp
- show audit-trail
- show auth-survivability
- show auth-survivability-cache
- show auth-tracebuf
- show banner
- show ble_relay
- show boot
- show branch
- show branch-config-group
- show branch-dhcp-pool
- show branch master-l3redundancy
- show cellular profile
- show clock
- show cluster-config
- show cluster-switches
- show command-mapping
- show configuration
- show controller-ip
- show controller-ipv6
- show control-plane-security
- show country
- show cp-bwcontracts
- show cpuload
- show crypto-local ipsec-map
- show crypto dp
- show crypto dynamic-map
- show crypto ipsec
- show crypto isakmp
- show crypto-local isakmp
- show crypto-local pki
- show crypto map
- show crypto pki
- show database
- show datapath
- show destination
- show dialer group
- show dir (deprecated)
- show dot1x ap-table
- show dot1x ap-table aes
- show dot1x ap-table dynamic-wep
- show dot1x ap-table static-wep
- show dot1x ap-table tkip
- show dot1x counters
- show dot1x supplicant-info
- show dot1x supplicant-info list-all
- show dot1x supplicant-info pmkid
- show dot1x supplicant-info statistics
- show dot1x watermark
- show dpi
- show esi groups
- show esi parser
- show esi ping
- show esi servers
- show faults
- show file syncing profile
- show fips
- show firewall
- show firewall-cp
- show firewall-visibility
- show flush-r1-on-new-r0
- show gap-debug
- show gateway health-check
- show global-user-table count
- show-global-user-table list
- show guest-access-email
- show ha ap
- show ha group
- show ha heartbeat counters
- show ha oversubscription statistics
- show hostname
- show iap detailed-table
- show iap table
- show iap trusted-branch-db
- show ids ap-classification-rule
- show ids ap-rule-matching
- show ids dos-profile
- show ids general-profile
- show ids impersonation-profile
- show ids management-profile
- show ids profile
- show ids rate-thresholds-profile
- show ids signature-matching-profile
- show ids signature-profile
- show ids unauthorized-device-profile
- show ids wms-general-profile
- show ifmap
- show ip interface brief
- show image version
- show interface cellular access-group
- show interface counters
- show interface fastethernet
- show interface gigabitethernet
- show interface loopback
- show interface port-channel
- show interface-profile voip-profile
- show interface tunnel
- show interface vlan
- show inventory
- show iostat
- show ip access-group
- show ip access-list
- show ip cp-redirect-address
- show ip dhcp
- show ip domain-name
- show ip health-check
- show ip igmp
- show ip mobile
- show ip nat pool
- show ip nexthop-list
- show ip ospf
- show ip pppoe-info
- show ip probe
- show ip radius
- show ip-reputation
- show ip route
- show ipc statistics app-ap
- show ipc statistics app-id
- show ipc statistics app-name
- show ipv4 user-table
- show ipv6 dhcp
- show ipv6 firewall
- show ipv6 interface
- show ipv6 mld config
- show ipv6 mld counters
- show ipv6 mld group
- show ipv6 mld interface
- show ipv6 mld proxy-group
- show ipv6 mld proxy-stats
- show ipv6 mld proxy-mobility-group
- show ipv6 mld proxy-mobility-stats
- show ipv6 neighbors
- show ipv6 ra status
- show ipv6 route
- show ipv6 user-table
- show keys
- show lacp
- show lacp sys-id
- show lcd-menu
- show license
- show license aggregate
- show license client-table
- show license debug
- show license heartbeat stats
- show license profile
- show license server-table
- show license server-redundancy
- show license-usage
- show lldp interface
- show lldp neighbor
- show lldp statistics
- show local-cert-mac
- show localip
- show local-userdb
- show local-userdb-ap
- show local-userdb-branch
- show local-userdb-guest
- show local-userdb username
- show local-userdb username
- show localip
- show log all
- show log ap-debug
- show log arm-user-debug
- show log bssid-debug
- show log errorlog
- show log essid-debug
- show log network
- show log security
- show log system
- show log user
- show log user-debug
- show log wireless
- show logging
- show loginsessions
- show mac-address-table
- show master-configpending
- show master-local stats
- show master-redundancy
- show memory
- show mgmt-role
- show mgmt-server
- show mgmt-servers
- show mgmt-users
- show tunneled-node config
- show netdestination
- show netexthdr
- show netservice
- show netstat stats
- show network-printer (deprecated)
- show network-storage (deprecated)
- show ntp trusted-keys
- show ntp peer
- show ntp servers
- show ntp status
- show packet-capture
- show packet-capture-defaults
- show pan active-profile
- show pan-options
- show pan state
- show pan statistics
- show pan-gp
- show pan-options
- show papi kernel-socket-stats
- show papi-security
- show perf-test reports
- show poe
- show port link-event
- show port monitor
- show port stats
- show port status
- show port trusted
- show port xsec
- show priority-map
- show processes
- show profile-errors
- show profile-hierarchy
- show profile-list aaa
- show profile-list ap
- show profile-list app
- show profile-list ap-group
- show profile-list ap-name
- show profile-list ha
- show profile-list ids
- show profile-list mgmt-server
- show profile-list rf
- show profile-list wlan
- show provisioning-ap-list
- show provisioning-params
- show rap-wml
- show references aaa authentication
- show references aaa authentication-server
- show references aaa profile
- show references aaa rfc-3576-server
- show references aaa server-group
- show references activate-service-whitelist
- show references airgroup
- show references ap
- show references app
- show references guest-access-email
- show references ha
- show references ids
- show references ifmap cppm
- show references license profile
- show references mgmt-server profile
- show references papi-security
- show references rf
- show references upgrade-profile
- show references user-role
- show references web-server
- show references wlan
- show rf am-scan-profile
- show rf arm-rf-domain-profile
- show rf arm-profile
- show rf dot11a-radio-profile
- show rf dot11g-radio-profile
- show rf event-thresholds-profile
- show rf ht-radio-profile
- show rf optimization-profile
- show rf spectrum-profile
- show rft profile
- show rft result
- show rft transactions
- show rights
- show roleinfo
- show route-access-list
- show rrm dot11k admission-capacity
- show rrm dot11k ap-channel-report
- show rrm dot11k beacon-report
- show rrm dot11k neighbor-report
- show rrm dot11k transmit-stream-report station-mac
- show running-config
- show session-acl-list
- show slots
- show snmp community
- show snmp inform
- show snmp trap-hosts
- show snmp trap-list
- show snmp trap-queue
- show snmp user-table
- show spanning-tree
- show spantree
- show ssh
- show sso idp-profile
- show startup-config
- show station-table
- show storage
- show switch ip
- show switch software
- show switches
- show switchinfo
- show syscontact
- show syslocation
- show tech-support
- show telnet
- show threshold
- show threshold-limits
- show time-range
- show timer debug statistics app-name
- show tpm cert-info (deprecated)
- show trunk
- show tunnel-group
- show tunneled-node
- show ucc call-info cdrs
- show ucc client-info
- show ucc configuration
- show ucc dns-ip-learning
- show ucc statistics
- show ucc trace-buffer
- show upgrade configuration
- show upgrade status
- show upgrade-profile
- show uplink
- show usb
- show user
- show user-table
- show util_proc
- show valid-network-oui-profile
- show version
- show via
- show vlan
- show vlan-assignment
- show vlan-assignment-auth
- show vlan mapping
- show vlan status
- show vlan summary
- show vlan-bwcontract-explist
- show voice alg-based-cac (deprecated)
- show voice call-cdrs (deprecated)
- show voice call-counters (deprecated)
- show voice call-density (deprecated)
- show voice call-perf (deprecated)
- show voice call-quality (deprecated)
- show voice call-stats (deprecated)
- show voice client-status (deprecated)
- show voice configurations (deprecated)
- show voice dialplan-profile (deprecated)
- show voice facetime
- show voice logging (deprecated)
- show voice msg-stats
- show voice real-time-analysis (deprecated)
- show voice real-time-analysis-config (deprecated)
- show voice rtcp-inactivity (deprecated)
- show voice sip (deprecated)
- show voice sip-midcall-req-timeout (deprecated)
- show voice statistics (deprecated)
- show voice trace
- show voice wificalling
- show vpdn l2tp configuration
- show vpdn pptp configuration
- show vpdn pptp local pool
- show vpn-dialer
- show vrrp
- show web-cc
- show web-server
- show web-proxy
- show whitelist-db cpsec
- show whitelist-db cpsec-local-switch-list
- show whitelist-db cpsec-master-switch-list
- show whitelist-db cpsec-seq
- show whitelist-db cpsec-status
- show whitelist-db rap
- show whitelist-db rap-local-switch-list
- show whitelist-db rap-master-switch-list
- show whitelist-db rap-status
- show wlan anyspot-profile
- show wlan bcn-rpt-req-profile
- show wlan dot11k-profile
- show wlan dot11r-profile
- show wlan edca-parameters-profile
- show wlan handover-trigger-profile
- show wlan hotspot advertisement-profile
- show wlan hotspot anqp-3gpp-nwk-profile
- show wlan hotspot anqp-domain-name-profile
- show wlan hotspot anqp-ip-addr-avail-profile
- show wlan hotspot anqp-nai-realm-profile
- show wlan hotspot anqp-nwk-auth-profile
- show wlan hotspot anqp-roam-cons-profile
- show wlan hotspot anqp-venue-name-profile
- show wlan hotspot hs2-profile
- show wlan hotspot h2qp-conn-capability-profile
- show wlan hotspot h2qp-op-cl-profile
- show wlan hotspot h2qp-operator-friendly-name-profile
- show wlan hotspot h2qp-wan-metrics-profile
- show wlan ht-ssid-profile
- show wlan ssid-profile
- show wlan traffic-management-profile
- show wlan tsm-req-profile
- show wlan virtual-ap
- show wlan voip-cac-profile
- show wlan wmm-traffic-management-profile
- show wms ap
- show wms channel
- show wms client
- show wms counters
- show wms monitor-summary
- show wms probe
- show wms rogue-ap
- show wms routers
- show wms rules
- show wms system
- show wms wired-mac
- show ip interface brief
- shutdown
- snmp-server
- spanning-tree (Global Configuration)
- spanning-tree mode
- spanning-tree (Configuration Interface)
- spanning-tree vlan range (PVST+)
- ssh
- ssh
- sso idp-profile
- stm
- support
- syscontact
- syslocation
- tar
- telnet
- telnet
- threshold
- time-range
- tracepath
- traceroute
- trusted
- tunnel-group
- tunnel-loop-prevention
- tunnel-node-mtu
- tunneled-node-address
- upgrade
- upgrade-profile
- uplink
- usb-printer (deprecated)
- usb reclassify
- user-role
- valid-network-oui-profile
- vlan-bwcontract-explist
- vlan-name
- vlan
- voice alg-based-cac
- voice dialplan-profile
- voice facetime
- voice logging
- voice real-time-config
- voice rtcp-inactivity
- voice sip
- voice sip-midcall-req-timeout
- voice wificalling
- vpdn group l2tp
- vpdn group pptp
- vpn-dialer
- vrrp
- web-cc
- web-proxy server
- web-server profile
- whitelist-db cpsec add
- whitelist-db cpsec delete
- whitelist-db cpsec-local-switch-list
- whitelist-db cpsec-master-switch-list
- whitelist-db cpsec modify
- whitelist-db cpsec purge
- whitelist-db cpsec revoke
- whitelist-db rap add
- whitelist-db rap del
- whitelist-db rap modify
- whitelist-db rap revoke
- whitelist-db rap-local-switch-list
- whitelist-db rap-master-switch-list
- whoami
- wipe
- wlan anyspot-profile
- wlan bcn-rpt-req-profile
- wlan client-wlan-profile
- wlan dot11k-profile
- wlan dot11r-profile
- wlan edca-parameters-profile
- wlan handover-trigger-profile
- wlan hotspot advertisement-profile
- wlan hotspot anqp-3gpp-nwk-profile
- wlan hotspot anqp-domain-name-profile
- wlan hotspot anqp-ip-addr-avail-profile
- wlan hotspot anqp-nai-realm-profile
- wlan hotspot anqp-nwk-auth-profile
- wlan hotspot anqp-roam-cons-profile
- wlan hotspot anqp-venue-name-profile
- wlan hotspot h2qp-conn-capability-profile
- wlan hotspot h2qp-op-cl-profile
- wlan hotspot h2qp-operator-friendly-name-profile
- wlan hotspot h2qp-wan-metrics-profile
- wlan hotspot hs2-profile
- wlan ht-ssid-profile
- wlan rrm-ie-profile
- wlan ssid-profile
- wlan traffic-management-profile
- wlan tsm-req-profile
- wlan virtual-ap
- wlan voip-cac-profile
- wlan wmm-traffic-management-profile
- wms ap
- wms clean-db
- wms client
- wms export-class
- wms export-db
- wms import-db
- wms reinit-db
- write
- Appendix A: Command Modes
ipv6 firewall
ipv6 firewall
attack-rate {ping <number>|session <number>|tcp-syn <number>}
deny-inter-user-bridging |
drop-ip-fragments |
enable-per-packet-logging |
enforce-tcp-handshake |
prohibit-ip-spoofing |
prohibit-rst-replay |
session-idle-timeout <seconds> |
session-mirror-destination {ip-address <ipaddr>}|{port <slot/module/port>}
Description
This command configures firewall options on the controller for IPv6 traffic.
Syntax
Parameter Description Range Default
attack-rate
Sets rates which, if exceeded, can indicate a
denial of service attack.
ping
Number of ICMP pings per 30 seconds, which if
exceeded, can indicate a denial of service
attack. Recommended value is 120.
1-
16384
—
session
Number of TCP or UDP connection requests
per 30 seconds, which if exceeded, can indicate
a denial of service attack. Recommended value
is 960.
1-
16384
—
tcp-syn
Number of TCP SYN messages per 30 seconds,
which if exceeded, can indicate a denial of
service attack. Recommended value is 960.
1-
16384
—
deny-inter-user-bridging
Prevents the forwarding of Layer-2 traffic
between wired or wireless users. You can
configure user role policies that prevent Layer-
3 traffic between users or networks but this
does not block Layer-2 traffic. This option can
be used to prevent Appletalk or IPX traffic from
being forwarded.
— disable
d
drop-ip-frag
ments
When enabled, all IP fragments are dropped.
You should not enable this option unless
instructed to do so by a Dell representative.
— disable
d
Dell Networking W-Series ArubaOS 6.5.x | Reference Guide ipv6 firewall | 548