Parameter Description
Session Mirror Destination Destination (IP address or port) to which mirrored session packets are
sent. This option is used only for troubleshooting or debugging.
Packets can be mirrored in multiple ACLs, so only a single copy is
mirrored if there is a match within more than one ACL.
You can configure the following:
n Ethertype to be mirrored with the Ethertype ACL mirror option.
n IP flows to be mirrored with the session ACL mirror option.
n MAC flows to be mirrored with the MAC ACL mirror option.
n If you configure both an IP address and a port to receive mirrored
packets, the IP address takes precedence.
Default: N/A
Session Idle Timeout (sec) Set the time, in seconds, that a non-TCP session can be idle before it is
removed from the session table. Specify a value in the range 16-259
seconds. You should not set this option unless instructed to do so by an
Alcatel-Lucent representative.
Default: 15 seconds
Disable FTP Server Disables the FTP server on the switch. Enabling this option prevents FTP
transfers. You should not enable this option unless instructed to do so by
an Alcatel-Lucent representative.
Default: Disabled (FTP server is enabled)
GRE Call ID Processing Creates a unique state for each PPTP tunnel. You should not enable this
option unless instructed to do so by an Alcatel-Lucent representative.
Default: Disabled
Per-packet Logging Enables logging of every packet if logging is enabled for the
corresponding session rule. Normally, one event is logged per session. If
you enable this option, each packet in the session is logged. You should
not enable this option unless instructed to do so by an Alcatel-Lucent
representative, as doing so may create unnecessary overhead on the
switch.
Default: Disabled (per-session logging is performed)
Broadcast-filter ARP Reduces the number of broadcast packets sent to VoIP clients, thereby
improving the battery life of voice handsets. You can enable this option
for voice handsets in conjunction with increasing the DTIM interval on
clients.
Default: Disabled
Prohibit ARP Spoofing Detects and prohibits ARP spoofing. When this option is enabled, possible
arp spoofing attacks are logged and an SNMP trap is sent.
Default: Disabled
Prevent DHCP exhaustion
Enable check for DHCP client hardware address against the packet
source MAC address. This command checks the frame's source-MAC
against the DHCPv4 client hardware address and drops the packet if it
does not match. Enabling this feature prevents a client from submitting
multiple DHCP requests with different hardware addresses, thereby
preventing DHCP pool depletion.
Default: Disabled
Session VOIP Timeout (sec) Sets the idle session timeout for sessions that are marked as voice
sessions. If no voice packet exchange occurs over a voice session for the
specified time, the voice session is removed. Range is 16 – 300 seconds.
Default: 300 seconds
AOS-W 6.5.3.x | User Guide Roles and Policies | 395
To Next Page
Loading...