Dell 6.2 Server User Manual


 
You configure 802.1X authentication for IPv6 clients the same way you configure it for IPv4 clients. For more
information about configuring 802.1X authentication on the controller, see 802.1X Authentication on page 192.
NOTE: This release does not support authentication of management users on IPv6 clients.
Working with Firewall Features
If you installed a Policy Enforcement Firewall Next Generation (PEFNG) license in the controller, you can configure
firewall functions for IPv6 client traffic. While these firewall functions are identical to firewall functions for IPv4
clients, you need to explicitly configure them for IPv6 traffic. For more information about firewall policies, see
“Global Firewall Parameters” on page 317.
NOTE: Voice-related and NAT firewall functions are not supported for IPv6 traffic.
Table 39: IPv6 Firewall Parameters

Authentication Method    Description

Monitor Ping Attack
    Number of ICMP pings per second, which if exceeded, can indicate a denial of service attack.
    Valid range is 1–255 pings per second. Recommended value is 4.
    Default: No default

Monitor TCP SYN Attack rate
    Number of TCP SYN messages per second, which if exceeded, can indicate a denial of service
    attack. Valid range is 1–255 messages per second. Recommended value is 32.
    Default: No default

Monitor IP Session Attack
    Number of TCP or UDP connection requests per second, which if exceeded, can indicate a
    denial of service attack. Valid range is 1–255 requests per second. Recommended value is 32.
    Default: No default

Deny Inter User Bridging
    Prevents the forwarding of Layer-2 traffic between wired or wireless users. You can configure
    user role policies that prevent Layer-3 traffic between users or networks but this does not block
    Layer-2 traffic. This option can be used to prevent traffic, such as AppleTalk or IPX, from being
    forwarded.
    Default: Disabled

Deny All IP Fragments
    Drops all IP fragments.
    NOTE: Do not enable this option unless instructed to do so by a Dell representative.
    Default: Disabled

Enforce TCP Handshake Before Allowing Data
    Prevents data from passing between two clients until the three-way TCP handshake has been
    performed. This option should be disabled when you have mobile clients on the network as
    enabling this option will cause mobility to fail. You can enable this option if there are no mobile
    clients on the network.
    Default: Disabled

Prohibit IP Spoofing
    Enables detection of IP spoofing (where an intruder sends messages using the IP address of a
    trusted client). When this option is enabled, IP and MAC addresses are checked for each ARP
    request/response. Traffic from a second MAC address using a specific IP address is denied,
    and the entry is not added to the user table. Possible IP spoofing attacks are logged and an
    SNMP trap is sent.
    Default: Disabled

Prohibit RST Replay
    When enabled, closes a TCP connection in both directions if a TCP RST is received from either
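
The three Monitor ... Attack thresholds in the table can be pictured as a per-second rate check. The following is an added illustration, not Dell or ArubaOS code: counting per source address, using fixed one-second windows, and the names AttackRateMonitor, observe and run_sample are assumptions made for the example, and the traffic records are constructed.

```python
from collections import defaultdict

# Recommended values from the table (events per second).
RECOMMENDED = {"ping": 4, "tcp-syn": 32, "session": 32}

class AttackRateMonitor:
    """Illustrative rate monitor (assumed model, not the controller's code)."""

    def __init__(self, thresholds):
        for kind, rate in thresholds.items():
            if not 1 <= rate <= 255:        # valid range stated in the table
                raise ValueError(f"{kind}: rate {rate} outside 1-255")
        self.thresholds = dict(thresholds)
        self.counts = defaultdict(int)      # (kind, src, second) -> events seen
        self.alerts = []                    # (second, kind, src), one per window

    def observe(self, ts, kind, src):
        """Record one event; return True when it pushes src over the rate."""
        limit = self.thresholds.get(kind)
        if limit is None:                   # no default: unconfigured = unmonitored
            return False
        key = (kind, src, int(ts))          # assumption: fixed one-second windows
        self.counts[key] += 1
        if self.counts[key] == limit + 1:   # first event beyond the threshold
            self.alerts.append((int(ts), kind, src))
            return True
        return False

def run_sample():
    """Feed constructed IPv6 traffic records through the monitor."""
    mon = AttackRateMonitor(RECOMMENDED)
    # Constructed: 2001:db8::66 sends 6 pings inside second 10 (over 4/s).
    events = [(10 + i * 0.1, "ping", "2001:db8::66") for i in range(6)]
    # Constructed: 2001:db8::1 sends exactly 4 pings in second 10 (at the limit).
    events += [(10 + i * 0.2, "ping", "2001:db8::1") for i in range(4)]
    # Constructed: 33 SYNs from 2001:db8::77 spread over seconds 20 and 21,
    # so neither one-second window exceeds 32.
    events += [(20 + i * 0.05, "tcp-syn", "2001:db8::77") for i in range(33)]
    for ts, kind, src in sorted(events):
        mon.observe(ts, kind, src)
    return mon.alerts

if __name__ == "__main__":
    for second, kind, src in run_sample():
        print(f"t={second}s possible DoS: {kind} rate exceeded by {src}")
```

Only the first source is reported: a source sitting exactly at the threshold, or one whose burst straddles two windows, stays below the alert condition, which is why the value chosen within 1–255 determines how noisy the monitor is.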
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide    IPv6 Support | 142