Filter
Top Products
311 | Rolesand Policies DellPowerConnectW-SeriesArubaOS6.2 | User Guide
Parameter Description
configure user role policies that prevent Layer-3 traffic between users or networks
but this does not block Layer-2 traffic. This option can be used to prevent traffic, such
as Appletalk or IPX, from being forwarded.
Default: Disabled
Deny Inter User Traffic Denies traffic between untrusted users by disallowing layer2 and layer3 traffic. This
parameter does not depend on the deny-inter-user-bridging parameter being enabled
or disabled.
Default: Disabled
Deny All IP Fragments Drops all IP fragments.
NOTE: Do not enable this option unless instructed to do so by a Dell representative.
Default: Disabled
Enforce TCP Handshake Before
Allowing Data
Prevents data from passing between two clients until the three-way TCP handshake
has been performed. This option should be disabled when you have mobile clients on
the network as enabling this option will cause mobility to fail. You can enable this
option if there are no mobile clients on the network.
Default: Disabled
Prohibit IP Spoofing Enables detection of IP spoofing (where an intruder sends messages using the IP
address of a trusted client). When this option is enabled, source and destination IP
and MAC addresses are checked for each ARP request/response. Traffic from a
second MAC address using a specific IP address is denied, and the entry is not
added to the user table. Possible IP spoofing attacks are logged and an SNMP trap is
sent.
Default: Enabled
Prohibit RST Replay Attack When enabled, closes a TCP connection in both directions if a TCP RST is received
from either direction. You should not enable this option unless instructed to do so by
a Dell representative.
Default: Disabled
Log ICMP Errors Enables logging of received ICMP errors. You should not enable this option unless
instructed to do so by a Dell representative.
Default: Disabled
Stateful SIP Processing Disables monitoring of exchanges between a voice over IP or voice over WLAN
device and a SIP server. This option should be enabled only when there is no VoIP or
VoWLAN traffic on the network.
Default: Disabled (stateful SIP processing is enabled)
Allow Tri-session with DNAT Allows three-way session when performing destination NAT. This option should be
enabled when the controller is
not
the default gateway for wireless clients and the
default gateway is behind the controller. This option is typically used for captive
portal configuration.
Default: Disabled.
Amsdu Configuration Enables handling AMSDU traffic from clients.
Default: Disabled
Session Mirror Destination Destination (IP address or port) to which mirrored session packets are sent. This
option is used only for troubleshooting or debugging.
Packets can be mirrored in multiple ACLs, so only a single copy is mirrored if there is
a match within more than one ACL.
You can configure the following: