Number ofICMPInternet Control Message Protocol. ICMP is an error reporting protocol. It is used by network devices such as routers, to send error messages and operational information to the source IP address when network problems prevent delivery of IP packets.每30秒的ping（如果超过）可以表明DoSDenial of Service. DoS is any type of attack where the attackers send excessive messages to flood traffic and thereby preventing the legitimate users from accessing the service.attack. Valid range is 1-16384 pings per 30 seconds.

Recommended value is 120.

Default: No default

Number ofTCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data.SYN messages per 30 second, which if exceeded, can indicate aDoSDenial of Service. DoS is any type of attack where the attackers send excessive messages to flood traffic and thereby preventing the legitimate users from accessing the service.attack. Valid range is 1-16384 pings per 30 seconds.

推荐值为960。

Default: No default

Number ofTCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data.或者UDPUser Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received.connection requests per 30 second, which if exceeded, can indicate aDoSDenial of Service. DoS is any type of attack where the attackers send excessive messages to flood traffic and thereby preventing the legitimate users from accessing the service.attack. Valid range is 1-16384 requests per 30 seconds.

推荐值为960。

Default: No default

防止有线或无线用户之间的2层流量转发。您可以配置用户角色策略，以防止用户或网络之间的3层流量，但这不会阻止2层流量。此选项可用于防止转发流量，例如appletalk或ipx。

Default: Disabled

Drops all IP fragments.

笔记：Do not enable this option unless instructed to do so by a nArubarepresentative.

Default: Disabled

Prevents data from passing between two clients until the three-wayTCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data.handshake has been performed. This option should be disabled when you have mobile clients on the network, as enabling this option will cause mobility to fail. You can enable this option if there are no mobile clients on the network.

Default: Disabled

Enables detection of IP spoofing (where an intruder sends messages using the IP address of a trusted client). When you enable this option, IP andMAC媒体访问控制。MAC地址是分配给网络通信网络接口的唯一标识符。检查每个地址ARPAddress Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device.request or response. Traffic from a secondMAC媒体访问控制。MAC地址是分配给网络通信网络接口的唯一标识符。使用特定的IP地址的地址被拒绝，并且该条目未添加到用户表中。可能记录了可能的IP欺骗攻击SNMP简单的网络管理协议。SNMP是用于在IP网络上管理设备的TCP/IP标准协议。通常支持SNMP的设备包括路由器，交换机，服务器，工作站，打印机，调制解调器架等。它主要用于网络管理系统中，以监视网络连接设备以保持关注管理关注的条件。trap is sent.

Default: Disabled

When enabled, closes aTCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data.connection in both directions if aTCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data.RST is received from either direction. You should not enable this option unless instructed to do so by a nArubarepresentative.

Default: Disabled

目的地（IPv4地址或managed deviceport) to which mirrored session packets are sent. You can configure IPv6 flows to be mirrored with the sessionACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port.mirror option. This option is used only for troubleshooting or debugging.

Default: N/A

Set the time, in seconds, that a non-TCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data.会话可以在将其从会话表中删除之前闲置。在16–259秒内指定一个值。除非指示这样做，否则您不应设置此选项 nArubarepresentative.

默认：30秒

Enables logging of every packet if logging is enabled for the corresponding session rule. Normally, one event is logged per session. If you enable this option, each packet in the session is logged. You should not enable this option unless instructed to do so by a nAruba代表，这样做可能会在managed device.

Default: Disabled (per-session logging is performed)