Mac firewall rules – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Brocade Mobility RFS Controller System Reference Guide
53-1003099-01
FIGURE 78 Wireless Controller - Firewall IP Firewall Rules screen
The IP Firewall Rules screen displays the following:
Precedence: Displays the precedence (priority) applied to packets. Every rule has a unique precedence value between 1 and 5000. You cannot add two rules with the same precedence value.
Friendly String: A string that provides more information about the contents of the rule. It is for informational purposes only.
Hit Count: Displays the number of times each IP ACL has been triggered.
Hardware Hit Count: On NX4500 and NX6500 series service platforms, intra-VLAN packets are switched locally (on the service platform), preventing ACL or stateful firewall inspection. However, a unique ACL is available on NX4500 and NX6500 service platform GE ports, providing a stateless firewall using IP based ACLs. The Hardware Hit Count is the number of times one of the service platform’s 1024 IP hardware rules has been triggered on one of its GE ports. NX4500 and NX6500 models have 2 GE ports, and NX4524 and NX6524 models have 24 GE ports.
Refresh: Select the Refresh button to update the screen’s statistics counters to their latest values.
MAC Firewall Rules
The ability to allow or deny client access by MAC address ensures malicious or unwanted users are unable to bypass security filters. Firewall rules can use one of the following three actions based on rule criteria:
• Allow a connection
• Allow a connection only if it is secured through the MAC firewall security
• Block a connection