Reference Guide
0511587-03 | September 2014 Dell Networking W-Series Instant 6.4.2.0-4.1.1 | CLI Reference Guide
Command/Parameter Description Range Default
<eport>
Specifies the ending port number until
which the rule applies
1-65534 —
dst-nat
Allows the W-IAP to perform destination
NAT on packets.
— —
src-nat
Allows the W-IAP to perform source NAT
on packets. When configured, the source
IP changes to the outgoing interface IP
address (implied NAT pool) or from the
pool configured (manual NAT pool).
— —
ip <IP-addr>
Specifies the destination NAT IP address
for the specified packets when dst-nat
action is configured.
— —
<port>
Specifies the destination NAT port for the
specified packets when dst-nat action is
configured.
— —
deny
Creates a rule to reject the specified
packets
— —
<option1…option9>
Allows you to specify any of the following
options:
l Log—Creates a log entry when this
rule is triggered.
l Blacklist—Blacklists the client when
this rule is triggered.
l Classify-media—Performs a packet
inspection on all non-NAT traffic and
marks the critical traffic.
l Disable-scanning—Disables ARM
scanning when this rule is triggered.
l DSCP tag—Specifies a DSCP value to
prioritize traffic when this rule is
triggered.
l 802.1p priority—Sets an 802.1p
priority.
— —
no…
Removes the configuration — —
Usage Guidelines
Use this command to configure inbound firewall rules for the inbound traffic coming through the uplink ports
of a W-IAP. The rules defined for the inbound traffic are applied if the destination is not a user connected to
the W-IAP. If the destination already has a user role assigned, the user role overrides the actions or options
specified in inbound firewall configuration. However, if a deny rule is defined for the inbound traffic, it is
applied irrespective of the destination and user role. Unlike the ACL rules in a WLAN SSID or wired profile, the
inbound firewall rules can be configured based on the source subnet.