Table of Contents
Advertisement
Filter Expiration
Client Threshold
Radio Threshold
Use the
Enable All
button to enable all Excessive Action Events. Use
Events.
12. Select
OK
to save the updates to the to Excessive Actions configuration used by the WIPS policy. Select
the last saved configuration. The WIPS policy can be invoked at any point in the configuration process by selecting
Wireless IPS Policy
from the upper, left-hand side, of the access point user interface.
13. Select the
MU Anomaly
configuration parameters.
Figure 8-22 Wireless IPS screen - WIPS Events - MU Anomaly tab
MU Anomaly events are suspicious events by wireless clients that can compromise the security and stability of the network.
Use the MU Anomaly screen to set the intervals clients can be filtered upon the generation of each event.
Set the duration an event generating client is filtered. This creates a special ACL entry,
and frames coming from the client are dropped. The default setting is 0 seconds.
This value is applicable across the RF Domain. If a station is detected performing an attack
and is filtered by an access point, the information is passed to the domain controller. The
domain controller then propagates this information to all the access points in the RF
Domain.
Set the client threshold after which the filter is triggered and an event generated.
Set the radio threshold after which an event is recorded to the event history.
tab. Ensure the
Activate Wireless IPS Policy
Security Configuration 8 - 37
Disable All
button to disable all Excessive Action
option remains selected to enable the screen's
Reset
to revert to
Activate
- Quick Links:
- Accessing the Web Ui
Hide quick links:
Advertisement
Table of Contents
