Cisco 2100 Series Configuration Manual page 304
Wireless lan controller
Hide thumbs
Also See for 2100 Series:
- Configuration manual (50 pages) ,
- Quick start manual (12 pages) ,
- Configuration manual (40 pages)
Table of Contents
Advertisement
Configuring IDS
To specify the download or upload path, enter transfer {download | upload} path
Step 7
absolute-tftp-server-path-to-file.
Step 8
To specify the file to be downloaded or uploaded, enter transfer {download | upload} filename
filename.sig.
Note
Step 9
Enter transfer {download | upload} start and answer y to the prompt to confirm the current settings
and start the download or upload.
Step 10
To specify the number of seconds that must elapse before the signature frequency threshold is reached
within the configured interval, enter this command:
config wps signature interval signature_id interval
where signature_id is a number used to uniquely identify a signature. The range is 1 to 3600 seconds,
and the default value varies per signature.
To specify the number of matching packets per interval that must be identified at the individual access
Step 11
point level before an attack is detected, enter this command:
config wps signature frequency signature_id frequency
The range is 1 to 32,000 packets per interval, and the default value varies per signature.
To specify the number of matching packets per interval that must be identified per client per access point
Step 12
before an attack is detected, enter this command:
config wps signature mac-frequency signature_id mac_frequency
The range is 1 to 32,000 packets per interval, and the default value varies per signature.
To specify the length of time (in seconds) after which no attacks have been detected at the individual
Step 13
access point level and the alarm can stop, enter this command:
config wps signature quiet-time signature_id quiet_time
The range is 60 to 32,000 seconds, and the default value varies per signature.
Step 14
To enable or disable IDS signatures, perform one of the following:
•
To enable or disable an individual IDS signature, enter this command:
config wps signature {standard | custom} state signature_id {enable | disable}
To enable or disable IDS signature processing, which enables or disables the processing of all IDS
•
signatures, enter this command:
config wps signature {enable | disable}
Note
Step 15
To save your changes, enter this command:
save config
Cisco Wireless LAN Controller Configuration Guide
5-116
When uploading signatures, the controller uses the filename you specify as a base name and then
adds "_std.sig" and "_custom.sig" to it in order to upload both standard and custom signature
files to the TFTP server. For example, if you upload a signature file called "ids1," the controller
automatically generates and uploads both ids1_std.sig and ids1_custom.sig to the TFTP server.
If desired, you can then modify ids1_custom.sig on the TFTP server (making sure to set
"Revision = custom") and download it by itself.
If IDS signature processing is disabled, all signatures are disabled, regardless of the state
configured for individual signatures.
Chapter 5
Configuring Security Solutions
OL-17037-01
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
