• Network packets where the source address of the network packet is defined as being a loopback address (127.0.0.1 through 127.255.255.254)
• Network packets where the source or destination address of the network packet is a link-local address (169.254.0.0/16)
• Network packets where the source or destination address of the network packet is defined as being an address “reserved for future use” as specified in RFC 5735 for IPv4 (240.0.0.0/4)
• Network packets where the source or destination address of the network packet is defined as an “unspecified address” (::/128) or an address “reserved for future definition and use” (addresses other than 2000::/3) as specified in RFC 3513 for IPv6. The IPv6 “unspecified address” (::/128) is currently checked in the datapath and the packet is dropped. This is the default behavior, and you can view the logs by enabling the firewall enable-per-packet-logging configuration.
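The address categories listed above, applied literally to (source, destination) pairs so that flow or log records can be checked against them. This is an added example, not AOS-W code and not part of the original guide; the function names and sample flows are constructed for illustration.

```python
import ipaddress

# Ranges exactly as given in the list above.
LOOPBACK_LO = int(ipaddress.IPv4Address("127.0.0.1"))
LOOPBACK_HI = int(ipaddress.IPv4Address("127.255.255.254"))
LINK_LOCAL_V4 = ipaddress.ip_network("169.254.0.0/16")
RESERVED_V4 = ipaddress.ip_network("240.0.0.0/4")
UNSPECIFIED_V6 = ipaddress.ip_address("::")
GLOBAL_UNICAST_V6 = ipaddress.ip_network("2000::/3")

def _categories(addr, is_source):
    """Return the listed categories that one address falls into."""
    hits = []
    if addr.version == 4:
        # The loopback rule is stated for the source address only.
        if is_source and LOOPBACK_LO <= int(addr) <= LOOPBACK_HI:
            hits.append("loopback")
        if addr in LINK_LOCAL_V4:
            hits.append("link-local")
        if addr in RESERVED_V4:
            hits.append("reserved-v4")
    elif addr == UNSPECIFIED_V6:
        hits.append("unspecified-v6")
    elif addr not in GLOBAL_UNICAST_V6:
        # The list's wording: any IPv6 address other than 2000::/3.
        hits.append("reserved-v6")
    return hits

def classify(src, dst):
    """Return 'field:category' matches for a packet; empty list if none."""
    out = []
    for field, text, is_source in (("src", src, True), ("dst", dst, False)):
        addr = ipaddress.ip_address(text)
        out += [f"{field}:{c}" for c in _categories(addr, is_source)]
    return out

# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    ("127.0.0.1", "10.1.1.5"),        # loopback as source
    ("10.1.1.5", "127.0.0.1"),        # loopback as destination: not listed
    ("10.1.1.5", "169.254.10.20"),
    ("250.1.2.3", "10.1.1.5"),
    ("::", "2001:db8::1"),
    ("2001:db8::1", "fe80::1"),
    ("192.0.2.10", "198.51.100.7"),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, classify(*flow) or "no match")
```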
Roles
The following are predefined roles.
If you upgrade from a previous AOS-W release, your existing configuration may have additional or different
predefined roles. The information in this section only describes the predefined roles for this release.
| Predefined Role | Description | Can This Role be Deleted? (Yes/No) |
|---|---|---|
| system-role ap-role; session-acl control; session-acl ap-acl | This is an internal role and should not be edited. | No |
| system-role stateful-dot1x | This is an internal role used for Stateful 802.1X. It should not be edited. | No |
| system-role sys-ap-role | This is a limited role applied to Alcatel-Lucent APs to allow the AP to boot up and terminate on the switch. | No |
| user-role authenticated; session-acl allowall; ipv6 session-acl v6-allowall | This is a default role that can be used for authenticated users. It permits all IPv4 and IPv6 traffic for users who are part of this role. | No |
| user-role cpbase | This is a role for cpbase. | Yes |
| user-role default-iap-user-role | This is a default user role for IAPs. This role is applied to GRE tunnel between IAP and switch, thus also applied to all CL2 users, which are created in the switch. | No |
| user-role default-via-role | This is a default user role for VIA users. It is referenced as default in the default VIA Authentication profile. | No |
| user-role default-vpn-role; session-acl allowall; ipv6 session-acl v6-allowall | This is the default role used for VPN-connected clients. It is referenced in the default "aaa authentication vpn" profile. | No |
| user-role denyall | This role blocks all traffic to and from the user. | Yes |
Table 270: Predefined Roles
AOS-W 6.5.3.x | User Guide Behavior and Defaults | 1094