Release Notes
Syntax
Parameter Description Range Default
allow-stun
Allows ICE-STUN based firewall
traversal.
— enabled
allow-tri-session
Allows three-way session when
performing destination NAT.
This option should be enabled
when the controller is not the
default gateway for wireless
clients and the default gateway
is behind the controller. This
option is typically used for
captive portal configuration.
— disabled
amsdu
Aggregated Medium Access
Control Service Data Units
(AMSDU) packets are dropped if
this option is enabled.
—
disabled
attack-rate
arp <1-16384> {blacklist|drop}
cp <1-16384>
grat-arp <1-16384> {blacklist|drop}
ping <1-16384>
session <1-16384>
tcp-syn <1-16384>
Sets rates which, if exceeded,
can indicate a denial of service
attack.
l arp: Monitor/police ARP
attack (non Gratuitous ARP).
l cp: Monitor/police Control
Processor (CP) attack.
l grat-arp: Monitor/police
Gratuitous ARP attack.
l ping: Monitor ping attack.
l session: Monitor IP session
attack.
l tcp-syn: Monitor TCP SYN
attack.
NOTE: <1-16384> denotes the
number of arp, cp, grat-arp,
ping, session, or tcp-syn
requests per 30 seconds.
1-16384 —
bwcontracts-subnet-broadcast
Applies bw contracts to local
subnet broadcast traffic.
— —
cp
See firewall cp on page 345
cp-bandwidth-contract
See firewall cp-bandwidth-
contract on page 347
Dell Networking W-Series ArubaOS 6.4.x | Reference Guide firewall | 338