Dell 6.2 Server User Manual


 
Configuring a Server-Derived Role
If the client is authenticated through an authentication server, the user role for the client can be based on one or
more attributes returned by the server during authentication. You configure the user role to be derived by specifying
condition rules; when a condition is met, the specified user role is assigned to the client. You can specify more than
one condition rule; the order of rules is important as the first matching condition is applied. You can also define
server rules based on client attributes such as ESSID, BSSID, or MAC address, even though these attributes are not
returned by the server.
For information about configuring a server-derived role, see "Configuring Server-Derivation Rules" on page 182.
Configuring a VSA-Derived Role
Many Network Address Server (NAS) vendors, including Dell, use VSAs to provide features not supported in standard
RADIUS attributes. For Dell systems, VSAs can be employed to provide the user role and VLAN for RADIUS-authenticated
clients; however, the VSAs must be present on your RADIUS server. This involves defining the vendor
(Dell) and/or the vendor-specific code (14823), vendor-assigned attribute number, attribute format (such as string or
integer), and attribute value in the RADIUS dictionary file. VSAs supported on Dell controllers conform to the
format recommended in RFC 2865, “Remote Authentication Dial In User Service (RADIUS)”.
Dictionary files that contain Dell VSAs are available on the Dell support website for various RADIUS servers. Log
into the Dell support website to download a dictionary file from the Tools folder.
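The following is an added example, not taken from the Dell manual or from Dell code. It shows how a Vendor-Specific attribute in the RFC 2865 recommended format (type 26, 4-octet vendor code, then vendor-assigned attribute number, length, and value) is laid out and parsed for vendor code 14823, with length checks so that malformed attributes are rejected. The function names, the attribute numbers 1 and 2, and the sample values are assumptions made for illustration.

```python
import struct

VENDOR_SPECIFIC = 26    # RADIUS attribute type that carries VSAs (RFC 2865)
DELL_VENDOR_ID = 14823  # vendor-specific code given in this guide

def encode_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute holding a single sub-attribute."""
    sub = bytes([vendor_type, 2 + len(value)]) + value
    if 6 + len(sub) > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + struct.pack("!I", vendor_id) + sub

def parse_vsas(attrs, vendor_id=DELL_VENDOR_ID):
    """Return [(vendor_type, value)] for each sub-attribute sent under vendor_id."""
    found, pos = [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("attribute length runs outside the buffer")
        body, pos = attrs[pos + 2:pos + a_len], pos + a_len
        if a_type != VENDOR_SPECIFIC:
            continue                      # standard attribute, not a VSA
        if len(body) < 5:
            raise ValueError("Vendor-Specific attribute shorter than 7 octets")
        if struct.unpack("!I", body[:4])[0] != vendor_id:
            continue                      # another vendor's VSA
        sub, i = body[4:], 0
        while i < len(sub):
            if len(sub) - i < 2:
                raise ValueError("truncated vendor sub-attribute header")
            v_type, v_len = sub[i], sub[i + 1]
            if v_len < 2 or i + v_len > len(sub):
                raise ValueError("vendor sub-attribute length is inconsistent")
            found.append((v_type, sub[i + 2:i + v_len]))
            i += v_len
    return found

# Constructed sample: attribute numbers 1 and 2 and vendor 99999 are placeholders;
# the real Dell attribute numbers come from the downloaded dictionary file.
SAMPLE = (bytes([1, 7]) + b"alice"                       # User-Name
          + encode_vsa(DELL_VENDOR_ID, 1, b"employee")   # string-format value
          + encode_vsa(DELL_VENDOR_ID, 2, struct.pack("!I", 20))  # integer-format value
          + encode_vsa(99999, 1, b"ignored"))            # other vendor

if __name__ == "__main__":
    for number, raw in parse_vsas(SAMPLE):
        print(number, raw)
```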
Understanding Global Firewall Parameters
Table 84 describes optional firewall parameters you can set on the controller for IPv4 traffic. To set these options in
the WebUI, navigate to the Configuration > Advanced Services > Stateful Firewall > Global Setting page and
select or enter values in the IPv4 column. To set these options in the CLI, use the firewall configuration
commands.
See IPv6 Support on page 128 for information about configuring firewall parameters for IPv6 traffic.
Table 84: IPv4 Firewall Parameters

Parameter | Description
Monitor Ping Attack | Number of ICMP pings per second, which if exceeded, can indicate a denial of service attack. Valid range is 1-255 pings per second. Recommended value is 4. Default: No default
Monitor TCP SYN Attack rate | Number of TCP SYN messages per second, which if exceeded, can indicate a denial of service attack. Valid range is 1-255 messages per second. Recommended value is 32. Default: No default
Monitor IP Session Attack | Number of TCP or UDP connection requests per second, which if exceeded, can indicate a denial of service attack. Valid range is 1-255 requests per second. Recommended value is 32. Default: No default
Monitor/Police CP Attack rate (per sec) | Rate of misbehaving user’s inbound traffic, which if exceeded, can indicate a denial of service attack. Recommended value is 100 frames per second.
Deny Inter User Bridging | Prevents the forwarding of Layer-2 traffic between wired or wireless users. You can
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Roles and Policies | 310