Motorola Wing 5 Manual
Have a look at the manual Motorola Wing 5 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 249 Motorola manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 836
13 - 52 WiNG CLI Reference Guide
13.1.3.3.13 option
static-binding-mode
Configures raw DHCP options. The DHCP option has to be configured in the DHCP policy. The options configured in the
DHCP server policy can only be used in static bindings.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
option [|]
Parameters
• option [|]
Usage Guidelines
Defines non standard DHCP option codes (0-254)
Examples...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-835.png "Page 836
13 - 52 WiNG CLI Reference Guide
13.1.3.3.13 option
static-binding-mode
Configures raw DHCP options. The DHCP option has to be configured in the DHCP policy. The options configured in the
DHCP server policy can only be used in static bindings.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
option [|]
Parameters
• option [|]
Usage Guidelines
Defines non standard DHCP option codes (0-254)
Examples...")
![Page 839
DHCP-SERVER-POLICY 13 - 55
13.1.4 no
dhcp-server-policy
Negates a command or sets its default for DHCP policy commands
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
no [bootp|dhcp-class|dhcp-pool|option|ping]
no bootp ignore
no dhcp-class
no dhcp-pool
no option
no ping timeout
Parameters
• no bootp ignore
• no dhcp-class
• no dhcp-pool
no bootp Removes the BOOTP specific configuration
ignore Removes the...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-838.png "Page 839
DHCP-SERVER-POLICY 13 - 55
13.1.4 no
dhcp-server-policy
Negates a command or sets its default for DHCP policy commands
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
no [bootp|dhcp-class|dhcp-pool|option|ping]
no bootp ignore
no dhcp-class
no dhcp-pool
no option
no ping timeout
Parameters
• no bootp ignore
• no dhcp-class
• no dhcp-pool
no bootp Removes the BOOTP specific configuration
ignore Removes the...")
![Page 841
DHCP-SERVER-POLICY 13 - 57
13.1.5 option
dhcp-pool-mode
Configures raw DHCP options. The DHCP option has to be configured in the DHCP server policy. The options configured in
the DHCP pool/DHCP server policy can also be used in static bindings.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
option [ascii|hexstring|ip]
Parameters
• option [ascii|hexstring|ip]
Usage Guidelines
Defines non standard DHCP...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-840.png "Page 841
DHCP-SERVER-POLICY 13 - 57
13.1.5 option
dhcp-pool-mode
Configures raw DHCP options. The DHCP option has to be configured in the DHCP server policy. The options configured in
the DHCP pool/DHCP server policy can also be used in static bindings.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
option [ascii|hexstring|ip]
Parameters
• option [ascii|hexstring|ip]
Usage Guidelines
Defines non standard DHCP...")
![Page 846
14 - 4 WiNG CLI Reference Guide
14.1.1 alg
firewall-policy
Enables preconfigured algorithms supporting a particular protocol
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
alg [dns|ftp|sip|tftp]
Parameters
• alg [dns|ftp|sip|tftp]
Examples
rfs7000-37FABE(config-fw-policy-test)# alg tftp
rfs7000-37FABE(config-fw-policy-test)#show context
firewall policy test
no ip dos tcp-sequence-past-window
Related Commands...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-845.png "Page 846
14 - 4 WiNG CLI Reference Guide
14.1.1 alg
firewall-policy
Enables preconfigured algorithms supporting a particular protocol
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
alg [dns|ftp|sip|tftp]
Parameters
• alg [dns|ftp|sip|tftp]
Examples
rfs7000-37FABE(config-fw-policy-test)# alg tftp
rfs7000-37FABE(config-fw-policy-test)#show context
firewall policy test
no ip dos tcp-sequence-past-window
Related Commands...")
DHCP-SERVER-POLICY 13 - 57 13.1.5 option dhcp-pool-mode Configures raw DHCP options. The DHCP option has to be configured in the DHCP server policy. The options configured in the DHCP pool/DHCP server policy can also be used in static bindings. Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax option [ascii|hexstring|ip] Parameters • option [ascii|hexstring|ip] Usage Guidelines Defines non standard DHCP option codes (0-254) Examples rfs7000-37FABE(config-dhcp-policy-test-pool-pool1)#option option1 157.235.208.80 rfs7000-37FABE(config-dhcp-policy-test-pool-pool1)# Related Commands Configures the option specified by the number Configures the DHCP option ascii Configures the DHCP option as an ASCII string hexstring Configures the DHCP option as a hexadecimal string ip Configures the DHCP option as an IP address NOTE: An option name in ASCII format accepts a backslash (\) as an input, but is not displayed in the output (Use show runnig config to view the output). Use a double backslash to represent a single backslash. noResets values or disables commands
13 - 58 WiNG CLI Reference Guide 13.1.6 ping dhcp-server-policy Specifies DHCP server ping parameters Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax ping timeout Parameters • ping timeout Examples rfs7000-37FABE(config-dhcp-policy-test)#ping timeout 2 rfs7000-37FABE(config-dhcp-policy-test)# Related Commands timeout Sets the ping timeout from 1 - 10 seconds noResets values or disables commands
CHAPTER 14 FIREWALL-POLICY A firewall protects a network from attacks and unauthorized access from outside the network. Simultaneously, it allows authorized users to access required resources. Firewalls work on multiple levels. Some work at layers 1 and 2 and 3 to inspect each packet. The packet is either passed, dropped or rejected based on rules configured on the firewall. Firewalls use application layer filtering to enforce compliance. These firewalls can understand applications and protocols and can detect if an unauthorized protocol is being used, or an authorized protocol is being abused in any malicious way. The third set of firewalls, ‘Stateful Firewalls’, consider the placement of individual packets within each packet in the series of packets being transmitted. If there is a packet that does not fit into the sequence, it is automatically identified and dropped. This chapter summarizes the firewall policy commands within the CLI structure. Use (config) instance to configure firewall policy commands. To navigate to the config-fw-policy instance, use the following commands:
14 - 2 WiNG CLI Reference Guide
RFSSwitch(config)#firewall-policy
rfs7000-37FABE(config)#firewall-policy test
rfs7000-37FABE(config-fw-policy-test)#?
Firewall policy Mode commands:
alg Enable ALG
clamp Clamp value
dhcp-offer-convert Enable conversion of broadcast dhcp offers to
unicast
dns-snoop DNS Snooping
firewall Wireless firewall
flow Firewall flow
ip Internet Protocol (IP)
ip-mac Action based on ip-mac table
logging Firewall enhanced logging
no Negate a command or set its defaults
proxy-arp Enable generation of ARP responses on behalf
of another device
stateful-packet-inspection-l2 Enable stateful packet inspection in layer2
firewall
storm-control Storm-control
virtual-defragmentation Enable virtual defragmentation for IPv4
packets (recommended for proper functioning
of firewall)
clrscr Clears the display screen
commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or
terminal
rfs7000-37FABE(config-fw-policy-test)#
FIREWALL-POLICY 14 - 3 14.1 firewall-policy Table 14.1 summarizes default firewall policy commands Table 14.1Firewall-policy Commands Command Description Reference algEnables an algorithmpage 14-4 clampSets a clamp value to limit TCP MSS to inner path-MTU for tunnelled packets page 14-5 dhcp-offer-convertEnables the conversion of broadcast DHCP offers to unicastpage 14-6 dns-snoopSets the timeout value for DNS entriespage 14-7 firewallConfigures the wireless firewallpage 14-8 flowDefines a session flow timeoutpage 14-9 ipSets an IP address for a selected devicepage 14-11 ip-macDefines an action based on IP-MAC tablepage 14-17 loggingEnables enhanced firewall loggingpage 14-20 noNegates a command or sets its default valuepage 14-22 proxy-arpEnables the generation of ARP responses on behalf of another devicepage 14-29 stateful-packet- inspection-12Enables stateful packets-inspection in layer 2 firewallpage 14-30 storm-controlDefines storm control and logging settingspage 14-31 virtual- defragmentationEnables virtual defragmentation for IPv4 packetspage 14-34 clrscrClears the display screenpage 5-3 commitCommits (saves) changes made in the current sessionpage 5-4 doRuns commands from EXEC modepage 4-66 endEnds and exits the current mode and moves to the PRIV EXEC modepage 5-5 exitEnds the current mode and moves to the previous modepage 5-6 helpDisplays the interactive help systempage 5-7 revertReverts the changes to their last saved configurationpage 5-13 serviceInvokes service commands to troubleshoot or debug (config-if) instance configurationspage 5-14 showDisplays running system informationpage 6-4 writeWrites information to memory or terminalpage 5-42
14 - 4 WiNG CLI Reference Guide 14.1.1 alg firewall-policy Enables preconfigured algorithms supporting a particular protocol Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax alg [dns|ftp|sip|tftp] Parameters • alg [dns|ftp|sip|tftp] Examples rfs7000-37FABE(config-fw-policy-test)# alg tftp rfs7000-37FABE(config-fw-policy-test)#show context firewall policy test no ip dos tcp-sequence-past-window Related Commands alg Enables preconfigured algorithms (dns, ftp, sip, and tftp) dns Enables the Domain Name System (DNS) algorithm ftp Enables the File Transfer Protocol (FTP) algorithm sip Enables the Session Initiation Protocol (SIP) algorithm tftp Enables the Trivial File Transfer Protocol (TFTP) algorithm noResets values or disables firewall policy alg commands
FIREWALL-POLICY 14 - 5 14.1.2 clamp firewall-policy This option limits the TCP Maximum Segment Size (MSS) to the size of the Maximum Transmission Unit (MTU) discovered by path MTU discovery for the inner protocol. This ensures the packet traverses through the inner protocol without fragmentation. Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax clamp tcp-mss Parameters • clamp tcp-mss Examples rfs7000-37FABE(config-fw-policy-test)#clamp tcp-mss rfs7000-37FABE(config-fw-policy-test)#show context firewall-policy test no ip dos tcp-sequence-past-window Related Commands tcp-mss Limits the TCP MSS size to the MTU value of the inner protocol for tunneled packets noResets values or disables firewall policy clamp commands
14 - 6 WiNG CLI Reference Guide 14.1.3 dhcp-offer-convert firewall-policy Enables the conversion of broadcast DHCP offers to unicast Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax dhcp-offer-convert Parameters None Examples rfs7000-37FABE(config-fw-policy-test)#dhcp-offer-convert rfs7000-37FABE(config-fw-policy-test)#show context firewall-policy test no ip dos tcp-sequence-past-window dhcp-offer-convert Related Commands noResets values or disables firewall policy DHCP offer convert commands
FIREWALL-POLICY 14 - 7 14.1.4 dns-snoop firewall-policy Sets the timeout for DNS snoop table entries Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax dns-snoop entry-timeout Parameters • dns-snoop entry-timeout Examples rfs7000-37FABE(config-fw-policy-test)#dns-snoop entry-timeout 35 rfs7000-37FABE(config-fw-policy-te)#show context firewall-policy te no ip dos tcp-sequence-past-window dhcp-offer-convert dns-snoop entry-timeout 35 Related Commands entry-timeout Sets the timeout value for DNS entries from 30 - 86400 seconds noResets values or disables firewall policy DNS snoop commands
14 - 8 WiNG CLI Reference Guide 14.1.5 firewall firewall-policy Enables a device’s firewall Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax firewall enable Parameters • firewall enable Examples rfs7000-37FABE(config-fw-policy-default)#firewall enable rfs7000-37FABE(config-fw-policy-default)# Related Commands firewall enable Enables the wireless firewall noDisables a device’s firewall