You are here: Home > CLI Commands > Just_CLI_Topics > firewall cp-bandwidth-contract

firewall cp-bandwidth-contract

firewall cp-bandwidth-contract {arp-traffic|auth|ike <rate>|l2-other|route|sessmirr|trusted-mcast|trusted-ucast
|untrusted-mcast|untrusted-ucast}

Description

This command configures bandwidth contract traffic rate limits, in packets per second, to prevent denial of service attacks.

Syntax

Parameter

Description

Range

Default

arp-traffic

Specifies the arp traffic rate limit in packets per second. Is applied as a multiples of 32 in datapath.

1-65535 pps

976 pps

auth

Specifies the traffic rate limit that is forwarded to the authentication process.

1-65535 pps

976 pps

ike <rate>

Specifies the traffic rate limit from IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. to CP, in packets per second.

1-65535 pps

976 pps

l2-other

Specifies the traffic rate limit for L2 protocol and L2 special handling traffic.

1-65535 pps

976 pps

route

Specifies the traffic rate limit that needs ARPAddress Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device. requests.

1-65535 pps

976 pps

sessmirr

Specifies the session mirrored traffic forwarded to the managed device.

1-65535 pps

976 pps

trusted-mcast

Specifies the trusted multicast traffic rate limit.

1-65535 pps

1953 pps

trusted-ucast

Specifies the trusted unicast traffic rate limit.

1-98304 pps

untrusted-mcast

Specifies the untrusted multicast traffic rate limit.

1-65535 pps

1953 pps

untrusted-ucast

Specifies the untrusted unicast traffic rate limit.

1-65535 pps

9765 pps

vrrp

Specifies the rate limit of VRRPVirtual Router Redundancy Protocol. VRRP is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. traffic routed to the control plane.

1-65535 pps

9765 pps

Usage Guidelines

This command configures firewallFirewall is a network security system used for preventing unauthorized access to or from a private network. bandwidth contract options on the managed device.

Example

The following command disallows forwarding of non-IP frames between users:

(host) [/md] (config) #firewall deny-inter-user-bridging

Related Commands

Command

Description

show firewall

Displays a list of global firewallFirewall is a network security system used for preventing unauthorized access to or from a private network. policies and policy details.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

This command requires the PEFNGPolicy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel. license.

Config mode on Mobility Master.

/*]]>*/