Global-association-list – Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

53-1003098-01

  stateful-packet-inspection-l2  Enable stateful packet inspection in layer2 firewall
  storm-control                  Storm-control
  virtual-defragmentation        Enable virtual defragmentation for IPv4 packets (recommended for proper functioning of firewall)

  clrscr                         Clears the display screen
  commit                         Commit all changes made in this session
  do                             Run commands from Exec mode
  end                            End current mode and change to EXEC mode
  exit                           End current mode and down to previous mode
  help                           Description of the interactive help system
  revert                         Revert changes
  service                        Service Commands
  show                           Show running system information
  write                          Write running configuration to memory or terminal

rfs7000-37FABE(config-fw-policy-test)#

Related Commands:

NOTE

For more information on Firewall policy, see Chapter 14, FIREWALL-POLICY.

global-association-list

Global Configuration Commands

Configures a global list of client MAC addresses. Based on the deny or permit rules specified,
clients are either allowed or denied access to the managed network.

The global association list serves the same purpose as an Association Access Control List (ACL).
However, the Association ACL allows only a limited number of entries (a few thousand), which does
not meet the requirements of a large deployment. The global association list fills this gap: it
is much larger (tens of thousands of entries). Both lists co-exist in the system. When an access
request comes in, the association ACL is looked up first, and if the requesting MAC address is listed
in one of the deny ACLs, the association is denied. If the requesting client is permitted access,
or if none of the ACLs list the client's MAC address, the global association ACL is checked.
Once authenticated, the client's credentials are cached on the access point, and subsequent
requests are not referred to the controller. An entry in an AP's credential cache means a pass in
the global association list.
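
The lookup order described above, modelled as an added Python example (not code from the Brocade guide or firmware). The class and field names, the sample MACs, and the default verdict for a MAC absent from the global list are assumptions; cache expiry is not modelled because the page does not describe it.

```python
from dataclasses import dataclass, field

def norm(mac):
    """Normalize a MAC to 12 lowercase hex digits so lookups ignore separator style."""
    h = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(h) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return h

@dataclass
class AccessModel:
    assoc_acl_deny: set            # MACs matched by deny rules of the association ACL
    global_list: dict              # MAC -> "permit" | "deny" (large list on the controller)
    global_default: str = "deny"   # assumption: verdict for unlisted MACs (not stated on the page)
    ap_cache: set = field(default_factory=set)  # credential cache on the access point
    controller_lookups: int = 0    # how often the controller had to be consulted

    def decide(self, mac):
        m = norm(mac)
        # Step 1: the association ACL is looked up first; a deny match ends the request.
        if m in self.assoc_acl_deny:
            return "deny", "association-acl"
        # Step 2: a cached entry counts as a pass in the global list; no controller lookup.
        if m in self.ap_cache:
            return "permit", "ap-cache"
        # Step 3: permitted by, or absent from, the ACL: check the global association list.
        self.controller_lookups += 1
        verdict = self.global_list.get(m, self.global_default)
        if verdict == "permit":
            self.ap_cache.add(m)   # authenticated clients are cached on the AP
        return verdict, "global-association-list"

def demo():
    # Constructed sample MAC addresses, written in three common notations.
    model = AccessModel(
        assoc_acl_deny={norm("00:11:22:33:44:55")},
        global_list={norm("AA-BB-CC-00-00-01"): "permit",
                     norm("aa:bb:cc:00:00:02"): "deny"},
    )
    results = [model.decide("00:11:22:33:44:55"),   # blocked by the association ACL
               model.decide("aa:bb:cc:00:00:01"),   # first request goes to the global list
               model.decide("AABB.CC00.0001"),      # repeat request answered from AP cache
               model.decide("aa:bb:cc:00:00:02")]   # denied by the global list
    # In this model a later deny on the controller is not seen while the AP cache entry exists.
    model.global_list[norm("aa:bb:cc:00:00:01")] = "deny"
    results.append(model.decide("aa:bb:cc:00:00:01"))
    return results, model.controller_lookups
```

When revoking a client, the model suggests checking both the list entry and any cached state on the access points, since cached clients are answered without a controller lookup.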

Supported in the following platforms:

Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point

Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000

Service Platforms — Brocade Mobility RFS9510

  no    Removes an existing firewall policy