Adding layer 2 firewall configurations – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual


53-1001944-01

Configuring firewalls and access control lists

6

Adding Layer 2 firewall configurations

To configure new Layer 2 firewall rules:

1. Select Security > Wireless Firewall from the main tree menu.

2. Click the Configuration tab.

3. Click the L2 tab.

Interface Name

Displays the interface associated with the Layer 2 firewall. Available Layer 2
interfaces are ge 1-8 and up1.

ARP Rate

Displays the Address Resolution Protocol (ARP) rate. Rates can be between 1 and
1000000.

DHCP Trust

Displays the DHCP trust status for the selected L2 interface. Any DHCP packets
from a DHCP server connected to the selected interface are considered trusted.
These DHCP packets are used to update the DHCP Snoop Table to prevent IP
spoof attacks. By default, all physical interfaces are DHCP trusted. The onboard
DHCP server is also trusted, because the switch's local port is always trusted.
When DHCP trust is enabled, a green checkmark is displayed. When disabled, a
red 'X' is displayed.

ARP Trust

Displays the ARP trust status for the selected L2 interface. Trusted ARP packets
are also used to update the DHCP Snoop Table to prevent IP spoof and
arp-cache-poisoning attacks. By default, none of the physical or aggregate
interfaces are ARP trusted.

Broadcast Storm Threshold

Displays the Broadcast Storm Threshold for each interface. When the rate of
broadcast packets exceeds the high threshold configured for an interface, packets
are throttled till the rate falls below the configured rate. Thresholds are configured
in terms of packets per second. The threshold range is 1-1000000 packets per
second.

Multicast Storm Threshold

Displays the Multicast Storm Threshold for each interface. When the rate of
multicast packets exceeds the high threshold configured for an interface, packets
are throttled till the rate falls below the configured rate. Thresholds are configured
in terms of packets per second. The threshold range is 1-1000000 packets per
second.

Unknown Unicast Storm

Displays the Unknown Unicast Storm Threshold for each interface. When the rate
of unknown unicast packets exceeds the high threshold configured for an
interface, packets are throttled till the rate falls below the configured rate.
Thresholds are configured in terms of packets per second. The threshold range is
1-1000000 packets per second.
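
The following is an added example, not taken from the guide or from the controller's software: a simplified Python model of how the DHCP Trust and ARP Trust flags feed a DHCP Snoop Table. The drop decisions on untrusted interfaces, the `L2Firewall` class, and the sample interfaces and addresses are assumptions based on how DHCP snooping and ARP inspection generally work.

```python
# Simplified model of a DHCP snoop table driven by per-interface trust flags.
# Drop behaviour on untrusted interfaces is an assumption (general DHCP
# snooping / ARP inspection logic), not behaviour documented in the guide.
from dataclasses import dataclass, field

@dataclass
class L2Firewall:
    dhcp_trust: dict                           # interface -> bool
    arp_trust: dict                            # interface -> bool
    snoop: dict = field(default_factory=dict)  # IP -> MAC bindings

    def dhcp_ack(self, iface, client_mac, leased_ip):
        """DHCP server reply (ACK) seen arriving on iface."""
        if not self.dhcp_trust.get(iface, False):
            return "drop: DHCP server reply on untrusted interface"
        self.snoop[leased_ip] = client_mac
        return "forward: binding learned"

    def arp(self, iface, sender_mac, sender_ip):
        """ARP packet on iface claiming sender_ip is at sender_mac."""
        if self.arp_trust.get(iface, False):
            self.snoop[sender_ip] = sender_mac
            return "forward: trusted ARP, binding learned"
        bound = self.snoop.get(sender_ip)
        if bound is None:
            return "drop: no binding for sender IP"
        if bound != sender_mac:
            return "drop: sender MAC does not match binding"
        return "forward: matches binding"

def demo():
    # Constructed sample: DHCP server behind up1, clients on ge1 and ge2,
    # a statically addressed gateway on ARP-trusted ge8.
    fw = L2Firewall(dhcp_trust={"up1": True, "ge1": False, "ge2": False},
                    arp_trust={"ge8": True})
    return [
        fw.dhcp_ack("up1", "00:11:22:33:44:55", "192.0.2.10"),  # real lease
        fw.arp("ge1", "00:11:22:33:44:55", "192.0.2.10"),       # real client
        fw.arp("ge2", "66:77:88:99:aa:bb", "192.0.2.10"),       # forged ARP
        fw.dhcp_ack("ge2", "66:77:88:99:aa:bb", "192.0.2.66"),  # rogue server
        fw.arp("ge8", "de:ad:be:ef:00:01", "192.0.2.1"),        # static gateway
        fw.arp("ge2", "66:77:88:99:aa:bb", "192.0.2.1"),        # gateway spoof
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

In this model, leaving DHCP trust enabled on every physical interface (the default described above) would let the reply arriving on ge2 create a binding, so trust is best limited to interfaces that actually face a DHCP server.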
