D-Link DWS-3160-24TC Reference Manual page 439

DWS-3160 Series Gigabit Ethernet Unified Switch Web UI Reference Guide
Not Present in OUI
Database Test
Not Present in Known
Client Database Test
Configured
Authentication Rate Test
Configured Probe
Requests Rate Test
Configured De-
Authentication Request
Rate Test
Maximum Authentication
Failures Test
Authentication with
Unknown AP Test
Client Thread Mitigation
Known Client Database
Lookup Method
Rogue Detected Trap
Interval (60-3600 seconds
or 0 is disable)
De-Authentication
Requests Threshold
Interval (1-3600 seconds)
De-Authentication
Requests Threshold
Value (1-99999)
Authentication Requests
Threshold Interval (1-
3600 seconds)
Authentication Requests
Threshold Value (1-
99999)
Probe Requests
Threshold Interval (1-
3600 seconds)
Probe Requests
Threshold Value (1-
99999)
Authentication Failure
Threshold Value (1-
99999)
Click the Apply button to accept the changes made.
Select Enabled to check whether a client is present in the OUI DB Test.
Select Enabled to check whether the client, which is identified by its MAC
address, is listed in the Known Client Database and is allowed access to the AP
either through the Authentication Action of Grant or through the White List global
action.
If the client is in the Known Client Database and has an action of Deny, or if the
action is Global Action and it is globally set to Black List, the client fails this test.
Select Enabled to check whether the client has exceeded the configured rate for
transmitting 802.11 authentication requests.
Select Enabled to check whether the client has exceeded the configured rate for
transmitting probe requests.
Select Enabled to check whether the client has exceeded the configured rate for
transmitting de-authentication requests.
Select Enabled to check whether the client has exceeded the maximum number
of failed authentications.
Select Enabled to check whether a client in the Known Client database is
authenticated with an unknown AP.
Select Enabled to send de-authentication messages to clients that are in the
Known Clients database but are associated with unknown APs. Authentication
with Unknown AP Test must also be enabled in order for the mitigation to take
place. Select Disabled to allow clients in the Known Clients database to remain
authenticated with an unknown AP.
Specify whether the Switch should use the Local or RADIUS database for the
lookups in the Known Client database when detecting a client on the network.
Enter the interval, in seconds, between transmissions of the SNMP trap telling the
administrator that rogue APs are present in the RF Scan database. Enter 0 to
disable the function.
Enter the number of seconds an AP should spend counting the de-authentication
messages sent by wireless clients.
Enter a threshold value. When the Switch receives more messages than the
specified value during the threshold interval, the test triggers.
Enter the number of seconds an AP should spend counting the authentication
messages sent by wireless clients.
Enter a threshold value. When the Switch receives more messages than the
specified value during the threshold interval, the test triggers.
Enter the number of seconds an AP should spend counting the probe messages
sent by wireless clients.
Enter the number of probe requests a wireless client is allowed to send during the
threshold interval before the event is reported as a threat.
Enter the number of 802.1X authentication failures a client is allowed to have
before the event is reported as a threat.
434