Motorola Wing 5 Manual
Here you can view all the pages of manual Motorola Wing 5 Manual. The Motorola manuals for Wireless are available online for free. You can easily download all the documents as PDF.
Page 861
FIREWALL-POLICY 14 - 19 Examples rfs7000-37FABE(config-rw-policy-test)#ip-mac conflict drop-only rfs7000-37FABE(config-rw-policy-test)#ip-mac routing conflict log-and-drop log-level notifications rfs7000-37FABE(config-rw-policy-test)#show context firewall-policy test ip dos fraggle drop-only no ip dos tcp-sequence-past-window ip dos tcp-max-incomplete high 600 ip dos tcp-max-incomplete low 60 ip-mac conflict drop-only ip-mac routing conflict log-and-drop log-level notifications flow timeout icmp...
Page 862
![Page 862
14 - 20 WiNG CLI Reference Guide
14.1.9 logging
firewall-policy
Configures enhanced firewall logging
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
logging [icmp-packet-drop|malformed-packet-drop|verbose]
logging verbose
logging [icmp-packet-drop|malformed-packet-drop] [all|rate-limited]
Parameters
• logging verbose
• logging [icmp-packet-drop|malformed-packet-drop] [all|rate-limited]
logging Configures...](http://img.usermanuals.tech/thumb/52/100713/w300_wing-5-manual-1509563222_d-861.png "Page 862
14 - 20 WiNG CLI Reference Guide
14.1.9 logging
firewall-policy
Configures enhanced firewall logging
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
logging [icmp-packet-drop|malformed-packet-drop|verbose]
logging verbose
logging [icmp-packet-drop|malformed-packet-drop] [all|rate-limited]
Parameters
• logging verbose
• logging [icmp-packet-drop|malformed-packet-drop] [all|rate-limited]
logging Configures...")
14 - 20 WiNG CLI Reference Guide 14.1.9 logging firewall-policy Configures enhanced firewall logging Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax logging [icmp-packet-drop|malformed-packet-drop|verbose] logging verbose logging [icmp-packet-drop|malformed-packet-drop] [all|rate-limited] Parameters • logging verbose • logging [icmp-packet-drop|malformed-packet-drop] [all|rate-limited] logging Configures...
Page 863
FIREWALL-POLICY 14 - 21 Examples rfs7000-37FABE(config-rw-policy-test)#logging verbose rfs7000-37FABE(config-rw-policy-test)#logging icmp-packet-drop rate-limited rfs7000-37FABE(config-rw-policy-test)#logging malformed-packet-drop all rfs7000-37FABE(config-rw-policy-test)#show context firewall-policy test ip dos fraggle drop-only no ip dos tcp-sequence-past-window ip dos tcp-max-incomplete high 600 ip dos tcp-max-incomplete low 60 ip-mac conflict drop-only ip-mac routing conflict log-and-drop...
Page 864
![Page 864
14 - 22 WiNG CLI Reference Guide
14.1.10 no
firewall-policy
Negates a command or sets the default for firewall policy commands
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
no [alg|clamp|dhcp-offer-convert|dns-snooping|firewall|flow|ip|ip-mac|logging|
proxy-arp|stateful-packet-inspection-l2|storm-control|virtual-defragmentation]
no [dhcp-offer-convert|proxy-arp|stateful-packet-inspection-l2]
no alg...](http://img.usermanuals.tech/thumb/52/100713/w300_wing-5-manual-1509563222_d-863.png "Page 864
14 - 22 WiNG CLI Reference Guide
14.1.10 no
firewall-policy
Negates a command or sets the default for firewall policy commands
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
no [alg|clamp|dhcp-offer-convert|dns-snooping|firewall|flow|ip|ip-mac|logging|
proxy-arp|stateful-packet-inspection-l2|storm-control|virtual-defragmentation]
no [dhcp-offer-convert|proxy-arp|stateful-packet-inspection-l2]
no alg...")
14 - 22 WiNG CLI Reference Guide 14.1.10 no firewall-policy Negates a command or sets the default for firewall policy commands Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax no [alg|clamp|dhcp-offer-convert|dns-snooping|firewall|flow|ip|ip-mac|logging| proxy-arp|stateful-packet-inspection-l2|storm-control|virtual-defragmentation] no [dhcp-offer-convert|proxy-arp|stateful-packet-inspection-l2] no alg...
Page 865
![Page 865
FIREWALL-POLICY 14 - 23
Parameters
• no [dhcp-offer-convert|proxy-arp|stateful-packet-inspection-l2]
• no alg [dns|ftp|sip|tftp]
• no clamp tcp-mss
• no dns-snooping entry-timeout
• no firewall enable
• no flow dhcp stateful
• no flow timeout [icmp|other|udp]
• no flow timeout tcp [closed-wait|established|reset|setup|stateless-fin-or-
reset|stateless-general]
no dhcp-offer-convert Disables the conversion of broadcast DHCP offers to unicast
no proxy-arp Disables the generation of ARP responses on behalf...](http://img.usermanuals.tech/thumb/52/100713/w300_wing-5-manual-1509563222_d-864.png "Page 865
FIREWALL-POLICY 14 - 23
Parameters
• no [dhcp-offer-convert|proxy-arp|stateful-packet-inspection-l2]
• no alg [dns|ftp|sip|tftp]
• no clamp tcp-mss
• no dns-snooping entry-timeout
• no firewall enable
• no flow dhcp stateful
• no flow timeout [icmp|other|udp]
• no flow timeout tcp [closed-wait|established|reset|setup|stateless-fin-or-
reset|stateless-general]
no dhcp-offer-convert Disables the conversion of broadcast DHCP offers to unicast
no proxy-arp Disables the generation of ARP responses on behalf...")
FIREWALL-POLICY 14 - 23 Parameters • no [dhcp-offer-convert|proxy-arp|stateful-packet-inspection-l2] • no alg [dns|ftp|sip|tftp] • no clamp tcp-mss • no dns-snooping entry-timeout • no firewall enable • no flow dhcp stateful • no flow timeout [icmp|other|udp] • no flow timeout tcp [closed-wait|established|reset|setup|stateless-fin-or- reset|stateless-general] no dhcp-offer-convert Disables the conversion of broadcast DHCP offers to unicast no proxy-arp Disables the generation of ARP responses on behalf...
Page 866
![Page 866
14 - 24 WiNG CLI Reference Guide
• no ip dos [ascend|broadcast-multicast-icmp|chargen|fraggle|ftp-bounce|
invalid-protocol|ip-ttl-zero|ipsproof|land|option-route|router-advt|
router-solicit|smurf|snork|tcp-bad-sequence|tcp-fin-scan|tcp-intercept|
tcp-null-scan|tcp-post-syn|tcp-sequence-past-window|tcp-xmas-scan|tcphdrfrag|
twinge|udp-short-hdr|winnuke]
tcp Disables TCP packet timeout
close-wait Disables the timeout for TCP flows in close wait status
established Disables the timeout for TCP flows in...](http://img.usermanuals.tech/thumb/52/100713/w300_wing-5-manual-1509563222_d-865.png "Page 866
14 - 24 WiNG CLI Reference Guide
• no ip dos [ascend|broadcast-multicast-icmp|chargen|fraggle|ftp-bounce|
invalid-protocol|ip-ttl-zero|ipsproof|land|option-route|router-advt|
router-solicit|smurf|snork|tcp-bad-sequence|tcp-fin-scan|tcp-intercept|
tcp-null-scan|tcp-post-syn|tcp-sequence-past-window|tcp-xmas-scan|tcphdrfrag|
twinge|udp-short-hdr|winnuke]
tcp Disables TCP packet timeout
close-wait Disables the timeout for TCP flows in close wait status
established Disables the timeout for TCP flows in...")
14 - 24 WiNG CLI Reference Guide • no ip dos [ascend|broadcast-multicast-icmp|chargen|fraggle|ftp-bounce| invalid-protocol|ip-ttl-zero|ipsproof|land|option-route|router-advt| router-solicit|smurf|snork|tcp-bad-sequence|tcp-fin-scan|tcp-intercept| tcp-null-scan|tcp-post-syn|tcp-sequence-past-window|tcp-xmas-scan|tcphdrfrag| twinge|udp-short-hdr|winnuke] tcp Disables TCP packet timeout close-wait Disables the timeout for TCP flows in close wait status established Disables the timeout for TCP flows in...
Page 867
FIREWALL-POLICY 14 - 25 option-route Disables an IP Option Record Route DoS check router-advt Disables router-advt attack checks This is an attack where a default route entry is added remotely to a device. This route entry is given preference, and thereby exposes a vector of attacks. router-solicit Disables router-solicit attack checks Router solicitation messages are sent to locate routers as a form of network scanning. This information can then be used to attack a device. smurf Disables smurf attack...
Page 868
![Page 868
14 - 26 WiNG CLI Reference Guide
• no ip tcp [adjust-mss|optimize-unnecessary-resends|
recreate-flow-on-out-of-state-syn|validate-icmp-unreachable|
validate-rst-ack-number|validate-rst-seq-number]
• no ip-mac conflict
• no ip-mac routing conflict
• no logging [icmp-packet-drop|verbose|malformed-packet-drop]
• no storm-control [arp|broadcast|multicast|unicast] {[fe |ge |log|
port-channel |up1|wlan ]}
udp-short-hdr Disables UDP short header checks
Enables the identification of truncated UDP headers and UDP...](http://img.usermanuals.tech/thumb/52/100713/w300_wing-5-manual-1509563222_d-867.png "Page 868
14 - 26 WiNG CLI Reference Guide
• no ip tcp [adjust-mss|optimize-unnecessary-resends|
recreate-flow-on-out-of-state-syn|validate-icmp-unreachable|
validate-rst-ack-number|validate-rst-seq-number]
• no ip-mac conflict
• no ip-mac routing conflict
• no logging [icmp-packet-drop|verbose|malformed-packet-drop]
• no storm-control [arp|broadcast|multicast|unicast] {[fe |ge |log|
port-channel |up1|wlan ]}
udp-short-hdr Disables UDP short header checks
Enables the identification of truncated UDP headers and UDP...")
14 - 26 WiNG CLI Reference Guide
• no ip tcp [adjust-mss|optimize-unnecessary-resends|
recreate-flow-on-out-of-state-syn|validate-icmp-unreachable|
validate-rst-ack-number|validate-rst-seq-number]
• no ip-mac conflict
• no ip-mac routing conflict
• no logging [icmp-packet-drop|verbose|malformed-packet-drop]
• no storm-control [arp|broadcast|multicast|unicast] {[fe |ge |log|
port-channel |up1|wlan ]}
udp-short-hdr Disables UDP short header checks
Enables the identification of truncated UDP headers and UDP...
Page 869
![Page 869
FIREWALL-POLICY 14 - 27
• no virtual-defragmentation {[maximum-fragments-per-datagram|
minimum-first-fragment-length|maximum-defragmentation-per-host]}
Examples
rfs7000-37FABE(config-fw-policy-test)#show context
firewall-policy test
ip dos fraggle drop-only
no ip dos tcp-sequence-past-window
ip dos tcp-max-incomplete high 600
ip dos tcp-max-incomplete low 60
storm-control broadcast level 20000 ge 4
storm-control arp log warnings
ip-mac conflict drop-only
ip-mac routing conflict log-and-drop...](http://img.usermanuals.tech/thumb/52/100713/w300_wing-5-manual-1509563222_d-868.png "Page 869
FIREWALL-POLICY 14 - 27
• no virtual-defragmentation {[maximum-fragments-per-datagram|
minimum-first-fragment-length|maximum-defragmentation-per-host]}
Examples
rfs7000-37FABE(config-fw-policy-test)#show context
firewall-policy test
ip dos fraggle drop-only
no ip dos tcp-sequence-past-window
ip dos tcp-max-incomplete high 600
ip dos tcp-max-incomplete low 60
storm-control broadcast level 20000 ge 4
storm-control arp log warnings
ip-mac conflict drop-only
ip-mac routing conflict log-and-drop...")
FIREWALL-POLICY 14 - 27
• no virtual-defragmentation {[maximum-fragments-per-datagram|
minimum-first-fragment-length|maximum-defragmentation-per-host]}
Examples
rfs7000-37FABE(config-fw-policy-test)#show context
firewall-policy test
ip dos fraggle drop-only
no ip dos tcp-sequence-past-window
ip dos tcp-max-incomplete high 600
ip dos tcp-max-incomplete low 60
storm-control broadcast level 20000 ge 4
storm-control arp log warnings
ip-mac conflict drop-only
ip-mac routing conflict log-and-drop...
Page 870
14 - 28 WiNG CLI Reference Guide rfs7000-37FABE(config-fw-policy-test)#show context firewall-policy test no ip dos fraggle no ip dos tcp-sequence-past-window ip dos tcp-max-incomplete high 600 ip dos tcp-max-incomplete low 60 storm-control broadcast level 20000 ge 4 storm-control arp log none ip-mac conflict drop-only ip-mac routing conflict log-and-drop log-level notifications flow timeout icmp 16000 flow timeout udp 10000 flow timeout tcp established 1500 flow timeout other 16000 logging...
All Motorola manuals