Configuring IDS
To enable or disable an individual signature, click the Detail link for the desired signature. The Signature
Step 4
> Detail page appears (see
Figure 5-15 Signature > Detail Page
This page shows much of the same information as the Standard Signatures and Custom Signatures pages
but provides these additional details:
•
The measurement interval, or the number of seconds that must elapse before the controller resets the
signature threshold counters
•
The tracking method used by the access points to perform signature analysis and report the results
to the controller. The possible values are:
–
–
–
The signature frequency, or the number of matching packets per second that must be identified at
•
the individual access point level before an attack is detected
The signature MAC frequency, or the number of matching packets per second that must be identified
•
per client per access point before an attack is detected
The quiet time, or the length of time (in seconds) after which no attacks have been detected at the
•
individual access point level and the alarm can stop
The pattern that is being used to detect a security attack
•
Cisco Wireless LAN Controller Configuration Guide
5-34
Figure
5-15).
Per Signature—Signature analysis and pattern matching are tracked and reported on a
per-signature and per-channel basis.
Per MAC—Signature analysis and pattern matching are tracked and reported separately for
individual client MAC addresses on a per-channel basis.
Per Signature and MAC—Signature analysis and pattern matching are tracked and reported on
a per-signature and per-channel basis as well as on a per-MAC-address and per-channel basis.
Chapter 5
Configuring Security Solutions
OL-9141-03