Users Guide
Parameter Description Range Default
enable-per-pac
ket-logging
Enables logging of every packet if logging is
enabled for the corresponding session rule.
Normally, one event is logged per session. If you
enable this option, each packet in the session is
logged. You should not enable this option unless
instructed to do so by a Dell representative, as
doing so may create unnecessary overhead on
the controller.
— disable
d
enforce-tcp-
handshake
Prevents data from passing between two clients
until the three-way TCP handshake has been
performed. This option should be disabled when
you have mobile clients on the network as
enabling this option will cause mobility to fail. You
can enable this option if there are no mobile
clients on the network.
— disable
d
prohibit-ip-
spoofing
Detects IP spoofing (where an intruder sends
messages using the IP address of a trusted
client). When this option is enabled, IP and MAC
addresses are checked; possible IP spoofing
attacks are logged and an SNMP trap is sent.
— disable
d
prohibit-rst-re
play
Closes a TCP connection in both directions if a
TCP RST is received from either direction. You
should not enable this option unless instructed to
do so by a Dell representative.
— disable
d
session-idle-
timeout
Time, in seconds, that a non-TCP session can be
idle before it is removed from the session table.
You should not modify this option unless
instructed to do so by a Dell representative.
16-259 15
second
s
ip-address <ipaddr>
Send mirrored session packets to the specified IP
address
port <slot>/<port>
Send mirrored session packets to the specified
controller port.
Usage Guidelines
This command configures global firewall options on the controller for IPv6 traffic.
Example
The following command disallows forwarding of non-IP frames between IPv6 clients:
(host) (config) #ipv6 firewall deny-inter-user-bridging
Dell Networking W-Series ArubaOS 6.4.x | User Guide ipv6 firewall | 566