Concept Guide
375| firewall Dell Networking W-Series ArubaOS 6.5.x| Reference Guide
Syntax
Parameter Description Range Default
allow-stun
Allows ICE-STUN based firewall
traversal.
— enabled
allow-tri-session
Allows three-way session when
performing destination NAT.
This option should be enabled
when the controller is not the
default gateway for wireless
clients and the default gateway
is behind the controller. This
option is typically used for
captive portal configuration.
— disable
d
amsdu
Aggregated Medium Access
Control Service Data Units
(AMSDU) packets are dropped
if this option is enabled.
—
disable
d
attack-rate
arp <1-16384> {blacklist|drop}
cp <1-16384>
grat-arp <1-16384> {blacklist|drop}
ping <1-16384>
session <1-16384>
tcp-syn <1-16384>
Sets rates which, if exceeded,
can indicate a denial of service
attack.
l arp: Monitor/police ARP
attack (non Gratuitous ARP).
l cp: Monitor/police Control
Processor (CP) attack.
l grat-arp: Monitor/police
Gratuitous ARP attack.
l ping: Monitor ping attack.
l session: Monitor IP session
attack.
l tcp-syn: Monitor TCP SYN
attack.
NOTE: <1-16384> denotes the
number of arp, cp, grat-arp,
ping, session, or tcp-syn
requests per 30 seconds.
1-
16384
—
bwcontracts-subnet-broadcast
Applies bw contracts to local
subnet broadcast traffic.
— —
cp
See firewall cp on page 383
cp-bandwidth-contract
See firewall cp-bandwidth-
contract on page 386