Dell W-IAP103 Guide de l'utilisateur télécharger pdf (Page 133)

100

101

Command/Parameter Description Range Default

NAT on packets.

src-nat

Allows the W-IAP to perform source NAT

on packets. When configured, the source

IP changes to the outgoing interface IP

address (implied NAT pool) or from the

pool configured (manual NAT pool).

— —

ip <IP-addr>

Specifies the destination NAT IP address

for the specified packets when dst-nat

action is configured.

— —

<port>

Specifies the destination NAT port for the

specified packets when dst-nat action is

configured.

— —

deny

Creates a rule to reject the specified

packets

— —

<option1…option9>

Allows you to specify any of the following

options:

l Log —Creates a log entry when this

rule is triggered.

l Blacklist — Blacklists the client when

this rule is triggered.

l Classify-media — Performs a packet

inspection on all non-NAT traffic and

marks the critical traffic.

l Disable-scanning — Disables ARM

scanning when this rule is triggered.

l DSCP tag — Specifies a DSCP value

to prioritize traffic when this rule is

triggered.

l 802.1p priority — Sets an 802.1p

priority.

— —

no…

Removes the configuration — —

Usage Guidelines

Use this command to configure inbound firewall rules for the inbound traffic coming through the uplink ports of a W-

IAP. The rules defined for the inbound traffic are applied if the destination is not a user connected to the W-IAP. If the

destination already has a user role assigned, the user role overrides the actions or options specified in inbound

firewall configuration. However, if a deny rule is defined for the inbound traffic, it is applied irrespective of the

destination and user role. Unlike the ACL rules in a WLAN SSID or wired profile, the inbound firewall rules can be

configured based on the source subnet.

For all subnets, a deny rule is created by default as the last rule. If at least one rule is configured, the deny all rule is

applied to the upstream traffic by default.

Management access to the AP is allowed irrespective of the inbound firewall rule. For more information on

configuring restricted management access, see restricted-mgmt-access.

The inbound firewall is not applied to traffic coming through GRE tunnel.

Dell Networking W-Series Instant 6.4.0.2-4.1 | CLI Reference Guide inbound-firewall | 133

1 2 ... 128 129 130 131 132 133 134 135 136 137 138 ... 575 576

Commentaires sur ces manuels

Pas de commentaire

Dell W-IAP103 Guide de l'utilisateur Page 133

Commentaires sur ces manuels

Produits connexes et manuels pour Points d'accès WLAN Dell W-IAP103