show ipv6 firewall

Example

This example displays the status of all firewall configurations.

(host) [mynode] #show ipv6 firewall

Global IPv6 firewall policies
-----------------------------
Policy                                       Action     Rate        Port
------                                       ------     ----        ----
Monitor ping attack                          Disabled
Monitor TCP SYN attack                       Disabled
Monitor IPv6 sessions attack                 Disabled
Deny inter user bridging                     Disabled
Drop all IPv6 fragments                      Disabled
Per-packet logging                           Disabled
Enforce TCP handshake before allowing data   Disabled
Prohibit RST replay attack                   Disabled
Session Idle Timeout                         Disabled
Prohibit IPv6 Spoofing                       Disabled
Extension header parse length                Enabled    100 bytes
Stateful ICMP Processing                     Disabled

The output of this command includes the following parameters:

Parameter

Description

Monitor ping attack

If enabled, the managed device monitors the number of ICMP pings per second. If this value exceeds the maximum configured rate, the managed device will register a DoS attack.

Monitor TCP SYN attack

If enabled, the managed device monitors the number of TCP SYN messages per second. If this value exceeds the maximum configured rate, the managed device will register a DoS attack.

Monitor IPv6 sessions attack

If enabled, the managed device monitors the number of TCP session requests per second. If this value exceeds the maximum configured rate, the managed device will register a DoS attack.

Deny inter user bridging

If enabled, this setting prevents the forwarding of Layer-2 traffic between wired or wireless users. You can configure user role policies that prevent Layer-3 traffic between users or networks, but this does not block Layer-2 traffic.

Drop all IPv6 fragments

If enabled, all IPv6 fragments are dropped.

Per-packet logging

If active, and logging is enabled for the corresponding session rule, this feature logs every packet.

Enforce TCP handshake before allowing data

If enabled, this feature prevents data from passing between two clients until the three-way TCP handshake has been performed. Enabling this option causes mobility to fail. So, disable this option if you have mobile clients on the network as.

Prohibit RST replay attack

If enabled, this setting closes a TCP connection in both directions if a TCP RST is received from either direction.

Session Idle Timeout

Shows if a session idle timeout interval has been defined.

Prohibit IPv6 Spoofing

Status of IPv6 spoofing protection. When this option is enabled, IP and MAC addresses are checked; possible IP spoofing attacks are logged and an SNMP trap is sent.

Extension header parse length

Shows the extension header parse length, with a maximum value of 100 bytes.

Stateful ICMP Processing

If enabled, stateful ICMP processing is enabled.
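
The following Python sketch is an added example, not part of the ArubaOS documentation. It parses captured show ipv6 firewall output into a policy map and lists the protections that are disabled, for use in a configuration audit. The sample text is constructed from the output shown above; the names parse_policies, disabled_report and CAVEATS are hypothetical.

```python
import re

# Constructed sample: the output shown on this page, as captured text.
SAMPLE = """\
(host) [mynode] #show ipv6 firewall
Global IPv6 firewall policies
-----------------------------
Policy                                       Action     Rate        Port
------                                       ------     ----        ----
Monitor ping attack                          Disabled
Monitor TCP SYN attack                       Disabled
Monitor IPv6 sessions attack                 Disabled
Deny inter user bridging                     Disabled
Drop all IPv6 fragments                      Disabled
Per-packet logging                           Disabled
Enforce TCP handshake before allowing data   Disabled
Prohibit RST replay attack                   Disabled
Session Idle Timeout                         Disabled
Prohibit IPv6 Spoofing                       Disabled
Extension header parse length                Enabled    100 bytes
Stateful ICMP Processing                     Disabled
"""

# Policy names contain spaces, so anchor on the Enabled/Disabled keyword.
ROW = re.compile(r"^(?P<policy>.+?)\s+(?P<action>Enabled|Disabled)(?:\s+(?P<value>.+))?$")

# Caveat taken from the parameter descriptions on this page.
CAVEATS = {
    "Enforce TCP handshake before allowing data": "enabling causes mobility to fail",
}

def parse_policies(text):
    """Return {policy: (enabled, value or None)}; prompt and header lines are skipped."""
    policies = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            policies[m["policy"]] = (m["action"] == "Enabled", m["value"])
    return policies

def disabled_report(text):
    """List disabled policies, with any caveat to weigh before enabling them."""
    report = []
    for name, (enabled, _) in parse_policies(text).items():
        if not enabled:
            caveat = CAVEATS.get(name)
            report.append(f"{name}: Disabled" + (f" ({caveat})" if caveat else ""))
    return report
```

Calling disabled_report(SAMPLE) returns one line per disabled policy, which can be compared against the site's intended baseline.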

Related Commands

Command

Description

ipv6 firewall

This command configures firewall options on the Mobility Master for IPv6 traffic.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms: All platforms

License: Base operating system.

Command Mode: Enable or Config mode on Mobility Master.
