Motorola WS2000 - Wireless Switch - Network Management Device Cli Reference Manual page 288
Wireless switch
Hide thumbs
Also See for WS2000 - Wireless Switch - Network Management Device:
- System reference manual (680 pages) ,
- Configuration manual (19 pages) ,
- Specification sheet (4 pages)
Table of Contents
Advertisement
3-252 WS2000 Wireless Switch System Reference Guide
excess-op
[threshold|filter-
ageout]
Example
admin(network.wids)> set mode enable
admin(network.wids)> set detect-window 25
admin(network.wids)> set anomaly-detect mode all enable
admin(network.wids)> set anomaly-detect filter-ageout all 120
admin(network.wids)> set excess-op threshold mu all 80
admin(network.wids)> set excess-op filter-ageout all 80
admin(network.wids)> show wids
WIDS feature is
Detect Window
Excessive Operations ::
(Secs)
--------------------
probe-req
auth-assoc-req
deauth-disassoc-req
auth-fails
Sets the threshold of events allowed in the detection window per MU.
• threshold [mu|radio|switch] <type> <threshold> – Sets the threshold values for mu,
radio, or switch.
• <type> is the violation type and can be one of:
•
all
- all types of excessive operations
•
probe-req
- Probe Request frames
•
auth-assoc-req
- 802.11 Authentication and Association Request
•
deauth-disassoc-req
•
auth-fails
- Failures reported by Authentication servers
•
crypto-replay-fails
•
80211-replay-fails
•
decrypt-fails
- decryption failures
•
unassoc-frames
•
eap-starts
- EAP (802.1x) Start frames
• <threshold> (0-65535) is the threshold value in seconds, 0 disables this option
• filter-ageout <type> <filter-ageout> – Sets the number of seconds a mobile unit is
filtered out.
• <type> is the violation type and can be one of:
•
all
- all the anomalies.
•
null-dst
- NULL destination MAC anomaly
•
same-src-dst
- Same source and destination IP anomaly
•
mcas-src
- Multicast source MAC anomaly
•
weak-wep-iv
- Weak WEP initialization vector anomaly
•
tkip-cntr-meas
- TKIP Countermeasures anomaly
•
invalid-frame-len
• <filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds.
0 disables this option.
Threshold (0 == disabled)
mu
:
80
:
80
:
80
:
80
- Disassociation and Deauthentication frames
- TKIP/CCMP IV replay check failure
- 802.11 replay check failure
- frames from unassociated stations
- Invalid frame length anomaly
: Enabled
: 10 (Secs)
radio
switch
0
0
0
0
0
0
0
0
Filter-Ageout
80
80
80
80
- Quick Links:
- Common Commands
- Passwd
Hide quick links:
Advertisement
Chapters
Table of Contents
