Concept Guide
Table Of Contents
- About this Guide
- Instant CLI
- a-channel
- a-external-antenna
- aaa test-server
- aeroscout-rtls
- airgroup
- airgroupservice
- airwave-rtls
- ale-report-interval
- ale-server
- alg
- allow-new-aps
- allowed-ap
- ams-backup-ip
- ams-identity
- ams-ip
- ams-key
- apply
- arm
- attack
- auth-failure-blacklist-time
- auth-survivability cache-time-out
- blacklist-client
- blacklist-time
- calea
- cellular-uplink-profile
- clear airgroup state statistics
- clear
- clear-cert
- clock set
- clock summer-time
- clock timezone
- commit
- configure terminal
- console
- content-filtering
- convert-aos-ap
- copy
- deny-inter-user-bridging
- deny-local-routing
- device-id
- disable-prov-ssid
- disconnect-user
- dot11a-radio-disable
- dot11g-radio-disable
- download-cert
- dpi
- dpi-error-page-url
- dynamic-cpu-mgmt
- dynamic-radius-proxy
- enet-vlan
- enet0-bridging
- enet0-port-profile
- enet1-port-profile
- enet2-port-profile
- enet3-port-profile
- enet4-port-profile
- extended-ssid
- factory-ssid-enable
- firewall-external-enforcement
- g-channel
- g-external-antenna
- gre per-ap-tunnel
- gre primary
- gre type
- help
- hostname
- hotspot anqp-3gpp-profile
- hotspot anqp-domain-name-profile
- hotspot anqp-ip-addr-avail-profile
- hotspot anqp-nai-realm-profile
- hotspot anqp-nwk-auth-profile
- hotspot anqp-roam-cons-profile
- hotspot anqp-venue-name-profile
- hotspot h2qp-conn-cap-profile
- hotspot h2qp-oper-name-profile
- hotspot h2qp-oper-class-profile
- hotspot h2qp-wan-metrics-profile
- hotspot hs-profile
- iap-master
- ids
- ignore-image-check
- inactivity-ap-timeout
- inbound-firewall
- internal-domains
- ip-address
- ip dhcp
- ip dhcp pool
- l2tpv3 session
- l2tpv3 tunnel
- l3-mobility
- led-off
- logout
- managed-mode-profile
- managed-mode-sync-server
- mesh
- mgmt-accounting
- mgmt-auth-server
- mgmt-auth-server-load-balancing
- mgmt-auth-server-local-backup
- mgmt-user
- mtu
- name
- ntp-server
- opendns
- organization
- ping
- pppoe-uplink-profile
- proxy
- reload
- remove-blacklist-client
- restrict-corp-access
- restricted-mgmt-access
- rf dot11a-radio-profile
- rf dot11g-radio-profile
- rf-band
- rft
- routing-profile
- show 1xcert
- show about
- show access-rule
- show access-rule-all
- show acl
- show airgroup
- Description
- Syntax
- Usage Guidelines
- Example
- show airgroup blocked-queries
- show airgroup blocked-service-id
- show airgroup cache entries
- show airgroup cppm auth server non-coa-only
- show airgroup cppm auth server coa-capable
- show airgroup cppm server
- show airgroup cppm entries
- show airgroup debug statistics
- show airgroup internal-state statistics
- show airgroup servers
- show airgroup status
- show airgroup swarm-info
- show airgroup users
- Command History
- Command Information
- show airgroupservice
- show airgroupservice-ids
- show ale
- show alert global
- show alg
- show allowed-aps
- show all monitor
- show amp-audit
- show ap-alert
- show ap-env
- show aps
- show ap allowed-channels
- show ap allowed-max-EIRP
- show ap arm
- show ap association
- show ap bss-table
- show ap cacert
- show ap client-match-history
- show ap client-match-live
- show ap client-probe-report
- show ap client-match-refused
- show ap client-match-triggers
- show ap client-view
- show ap debug airwave
- show ap debug airwave-config-received
- show ap debug airwave-data-sent
- show ap debug airwave-events-pending
- show ap debug airwave-restore-status
- show ap debug airwave-signon-key
- show ap debug airwave-state
- show ap debug airwave-stats
- show ap debug am-config
- show ap debug auth-trace-buf
- show ap debug client-match
- show ap debug client-stats
- show ap debug client-table
- show ap debug client-frame-history
- show ap debug crash-info
- show ap debug dhcp-packets
- show ap debug dot1x-statistics
- show ap debug driver-config
- show ap debug mgmt-frames
- show ap debug persistent-clients
- show ap debug radio-stats
- show ap debug radius-statistics
- show ap debug rfc3576-radius-statistics
- show ap debug shaping-table
- show ap debug spanning-tree
- show ap debug stm-config
- show ap debug stm-role
- show ap debug system-status
- show ap debug tacacs-statistics
- show ap dot11k-beacon-report
- show ap dot11k-nbrs
- show ap flash-config
- show ap mesh counters
- show ap mesh link
- show ap mesh neighbors
- show ap monitor
- Description
- Syntax
- Examples
- show ap monitor active-laser-beams
- show ap monitor ap-list
- show ap monitor ap-wired-mac
- show ap monitor arp-cache
- show ap monitor containment-info
- show ap monitor enet-wired-mac
- show ap monitor ids-state
- show ap monitor pot-ap-list
- show ap monitor pot-sta-list
- show ap monitor routers
- show ap monitor scan-info
- show ap monitor state
- show ap monitor stats
- show ap monitor status
- Command History
- Command Information
- show ap pmkcache
- show ap virtual-beacon-report
- show app-services
- show arm-channels
- show arm config
- show arp
- show attack
- show auth-survivability
- show backup-config
- show blacklist-client
- show calea config
- show calea statistics
- show captive-portal
- show captive-portal-domains
- show cellular
- show cert all
- show clients
- show clock
- show configuration
- show config-status
- show console-settings
- show country-codes
- show cpcert
- show cpu
- show datapath
- show delta-config
- show derivation-rules
- show dhcp-allocation
- show dhcpc-opts
- show dhcps config
- show dhcp subnets
- show distributed-dhcp-branch-counts
- show domain-names
- show dpi
- show dpi-error-page-url
- show dpi-stats
- show election
- show external-captive-portal
- show facebook
- show fault
- show ids
- show ids-detection config
- show ids-protection config
- show image
- show inbound-firewall-rules
- show interface counters
- show ip dhcp database
- show ip igmp
- show ip interface brief
- show ip route
- show lacp status
- show l2tpv3 config
- show l2tpv3 global
- show l2tpv3 session
- show l2tpv3 system
- show l2tpv3 tunnel
- show l3-mobility
- show ldap-servers
- show log ap-debug
- show log apifmgr
- show log convert
- show log debug
- show log driver
- show log kernel
- show log l3-mobility
- show log network
- show log pppd
- show log rapper
- show log sapd
- show log security
- show log system
- show log upgrade
- show log user
- show log user-debug
- show log vpn-tunnel
- show log wireless
- show memory
- show mgmt-user
- show network
- show network-summary
- show opendns
- show port status
- show pppoe
- show process
- show proxy config
- show radio config
- show radius-servers support
- show radius status
- show radseccert
- show running-config
- show snmp-configuration
- show snmp trap-queue
- show spectrum-alert
- show stats
- show subscription-aps
- show summary
- show swarm
- show supported-cert-formats
- show syslog-level
- show tacacs-servers
- show tech-support
- show tspec-calls
- show uncommitted-config
- show upgrade info
- show uplink
- show uplink-vlan
- show usb status
- show users
- show valid-channels
- show version
- show vpn
- show walled-garden
- show wifi-uplink
- show wired-port
- show wired-port-settings
- show wispr config
- show xml-api-server
- snmp-server
- subscription-ap
- subscription-ap-enable
- swarm-mode
- syslocation
- syslog-level
- syslog-server
- telnet
- telnet-server
- terminal-access
- tftp-dump-server
- traceroute
- upgrade-image
- uplink
- uplink-vlan
- usb-port-disable
- user
- version
- virtual-controller-country
- virtual-controller-dnsip
- virtual-controller-ip
- virtual-controller-key
- virtual-controller-vlan
- vpn backup
- vpn fast-failover
- vpn gre-outside
- vpn hold-time
- vpn ikepsk
- vpn monitor-pkt-lost-cnt
- vpn monitor-pkt-send-freq
- vpn preemption
- vpn primary
- vpn reconnect-time-on-failover
- vpn reconnect-user-on-failover
- web-server
- wifi0-mode
- wifi1-mode
- wired-port-profile
- wlan access-rule
- wlan auth-server
- wlan captive-portal
- wlan external-captive-portal
- wlan ldap-server
- wlan ssid-profile
- wlan sta-profile
- wlan tacacs-server
- wlan walled-garden
- wlan wispr-profile
- write
- xml-api-server
- zonename
- Terminology
inbound-firewall
inbound-firewall
rule <subnet> <smask> <dest> <mask> <match/invert> <protocol> <sport> <eport>
{permit|deny|src-nat|dst-nat ip <IP-address> <port>}[<option1....option9>]
no…
Description
This command configures inbound firewall rules based on the source subnet.
Syntax
Command/Parameter Description Range Default
inbound-firewall
Opens the inbound firewall
configuration mode.
— —
rule
Creates an access rule.
You can create up to 128 access rules.
However, it is recommended to delete
any existing configuration and apply
changes at regular intervals.
— —
<subnet>
Allows you to specify the source subnet
IPaddress
— —
<smask>
Specifies the subnet mask of the source
IP address.
— —
<dest>
Allows you to specify the destination IP
address.
— —
<mask>
Specifies the subnet mask for the
destination IP address.
— —
<match/invert>
l match—Indicates if the rule specific
to the destination IP address and
subnet mask matches the value
specified for protocol.
l invert— Indicates if the rule allows
or denies traffic with an exception to
the specified destination IP address
and subnet mask.
match
invert
—
<protocol>
Configures any of the following:
l Protocol number between 0-255
l any: any protocol
l tcp: Transmission Control Protocol
l udp: User Datagram Protocol
1-255 —
<sport>
Specifies the starting port number from 1-65534 —
Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | CLI Reference Guide inbound-firewall | 155