Release Notes
Parameter Description Range Default
enforce-tcp-
handshake
Prevents data from passing between two clients
until the three-way TCP handshake has been
performed. This option should be disabled when
you have mobile clients on the network as enabling
this option will cause mobility to fail. You can
enable this option if there are no mobile clients on
the network.
— disabled
prohibit-ip-
spoofing
Detects IP spoofing (where an intruder sends
messages using the IP address of a trusted client).
When this option is enabled, IP and MAC addresses
are checked; possible IP spoofing attacks are
logged and an SNMP trap is sent.
— disabled
prohibit-rst-re
play
Closes a TCP connection in both directions if a TCP
RST is received from either direction. You should
not enable this option unless instructed to do so by
a Dell representative.
— disabled
session-idle-
timeout
Time, in seconds, that a non-TCP session can be
idle before it is removed from the session table.
You should not modify this option unless instructed
to do so by a Dell representative.
16-259 15
seconds
ip-address <ipaddr>
Send mirrored session packets to the specified IP
address
port <slot>/<port>
Send mirrored session packets to the specified
controller port.
Usage Guidelines
This command configures global firewall options on the controller for IPv6 traffic.
Example
The following command disallows forwarding of non-IP frames between IPv6 clients:
(host) (config) #ipv6 firewall deny-inter-user-bridging
Command History
Version Description
ArubaOS 3.3 Command introduced
ArubaOS 6.1 The ipv6 firewall enable command was deprecated. Use the command ipv6
enable to enable/disable ipv6 packet/firewall processing on the controller.
ArubaOS 6.3 The session-mirror-destination parameter has been deprecated.
ArubaOS 6.4.1 The valid range for the following parameters was changed to <1-16384>:
l ping
l session
l tcp-syn
Dell Networking W-Series ArubaOS 6.4.x | Reference Guide ipv6 firewall | 488