189
| Roles and Policies
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
To view the ALG configuration:
(Instant AP)# show alg
Current ALG
-----------
ALG
Status
---
------
sccp
Disabled
sip
Enabled
ua
Enabled
vocera
Enabled
Configuring Firewall Settings for Protection from ARP Attacks
You can configure firewall settings to protect the network against attacks using the Instant UI or the CLI.
In the Instant UI
To configure firewall settings:
1. Click the
Security
link located directly above the Search bar on the Instant main window.
2. Click the
Firewall Settings
tab. The
Firewall Settings
tab contents are displayed.
3. To configure protection against security attacks, select the following check boxes:
l
Select
Drop bad ARP
to enable the IAP to drop the fake ARP packets.
l
Select
Fix malformed DHCP
for the IAP to fix the malformed DHCP packets.
l
Select
ARP poison check
to enable the IAP to trigger an alert notifying the user about the ARP
poisoning that may have been caused by the rogue IAPs.
Figure 41
Firewall Settings —Protection Against Wired Attacks
4. Click
OK.
In the CLI
To configure firewall settings to prevent attacks:
(Instant AP)(config)# attack
(Instant AP)(ATTACK)# drop-bad-arp-enable
(Instant AP)(ATTACK)# fix-dhcp-enable
(Instant AP)(ATTACK)# poison-check-enable
(Instant AP)(ATTACK)# end
(Instant AP)# commit apply
To view the configuration status:
(Instant AP)# show attack config
Current Attack
--------------
Attack
Status
------
------
drop-bad-arp
Enabled
fix-dhcp
Enabled
poison-check
Enabled