Device Configuration 5 - 229
Use the Inbound MAC Firewall Rules drop-down menus to select the firewall rules to apply to this profile’s Ethernet port
configuration. The firewall inspects MAC traffic flows and detects attacks typically not visible to traditional wired firewall
appliances.
Use the IPv4 Inbound Firewall Rules drop-down menu to select the IPv4 specific firewall rules to apply to this profile’s
Ethernet port configuration. IPv4 is a connection less protocol for packet switched networking. IPv4 operates as a best effort
delivery method, as it does not guarantee delivery, and does not ensure proper sequencing or duplicate delivery (unlike
(TCP). IPv4 hosts can use link local addressing to provide local connectivity.
Use the IPv6 Inbound Firewall Rules drop-down menu to select the IPv6 specific firewall rules to apply to this profile’s
Ethernet port configuration. IPv6 is the latest revision of the Internet Protocol (IP) designed to replace IPv4. IPV6 provides
enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6
addresses are composed of eight groups of four hexadecimal digits separated by colons.
If a firewall rule does not exist suiting the data protection needs of the target port channel configuration, select the Create
icon to define a new rule configuration or the Edit icon to modify an existing firewall rule configuration.
16. If a firewall rule does not exist suiting the data protection needs of the target port configuration, select the Create icon to
define a new rule configuration. For more information, see Wireless Firewall on page 8-2.
17. Refer to the Trust field to define the following:
18. Refer to the 802.1X Settings field to define the following:
Trust ARP Responses Select this option to enable ARP trust on this port. ARP packets received on this port
are considered trusted and information from these packets is used to identify rogue
devices within the network. The default value is disabled.
Trust DHCP Responses Select this option to enable DHCP trust on this port. If enabled, only DHCP responses
are trusted and forwarded on this port, and a DHCP server can be connected only to a
DHCP trusted port. The default value is enabled.
ARP header Mismatch
Validation
Select this option to enable a mismatch check for the source MAC in both the ARP and
Ethernet header. The default value is enabled.
Trust 802.1p COS values Select this option to enable 802.1p COS values on this port. The default value is
enabled.
Trust IP DSCP Select this option to enable IP DSCP values on this port. The default value is enabled.
NOTE: Some vendor solutions with VRRP enabled send ARP packets with Ethernet
SMAC as a physical MAC and inner ARP SMAC as VRRP MAC. If this configuration is
enabled, a packet is allowed, despite a conflict existing.
Host Mode Select the port mode for 802.1X authentication. Select single-host to bridge traffic from
a single authenticated host. Select multi-host to bridge traffic from any host to this port.
Guest VLAN Set the Guest VLAN on which traffic is bridged from a wired port when the selected
port is considered unauthorized.
To Next Page
Loading...
