Session Rate Limiting - Proxim Orinoco AP-2500 User Manual

Public access ap

Hide thumbs Also See for Orinoco AP-2500:

User manual (250 pages)

Quick installation manual (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

Table of Contents

Network Parameters

Session Rate Limiting

The Rate Limit tab allows you to configure Session Rate Limiting. Session Rate Limiting significantly reduces the risk

of Denial of Service attacks by allowing administrators to limit the number of DAT sessions any one user can take over

a given time period. If a user exceeds this limit, all subsequent traffic generated from that user is dropped until the

configured Time Interval is reached.

We also recommend enabling the Syslog feature. When a computer crosses the Session Rate Limit threshold, a

Syslog message is generated from the AP detailing the MAC address of the computer. Once the MAC address is

known, it can be blocked through the AP's MAC Address Filtering feature.

Follow these steps to configure Session Rate Limiting:

1. Click Configure > Security > Rate Limit.

2. Enable Session Rate Limiting by checking the Enable Session Limit box.

3. Configure the following limiting parameters:

•

Session Limit Mean Rate: the default is 200 sessions per Session Time Limit Interval defined

•

Session Limit Burst Size: the default is 400 sessions per Session Time Limit Interval defined

•

Session Limit Time Interval: the default is 60 seconds

The Time interval is how much time the subscriber is given to consume TCP/IP sessions before a new allotment

occurs. The Burst Size is the maximum number of sessions allowed per the Time Interval. The Mean Rate is the

amount added to what is left after the Time Interval elapses (up to the number of sessions defined in the Burst

Size).

The Burst and Mean Rates can be significantly reduced (Mean Rate: 50, Burst Size: 100) to help mitigate the

consumption of TCP/IP sessions by a malicious user while allowing quicker access to the remaining users. We do

not recommend setting the Burst Size to below 100 and the Mean Rate to below 50 as these values could impact

normal user access.

Also, increasing the Time Interval to 120 or 180 would increase the number of sessions that would be cleaned up

before new sessions are allowed to be handed out to each subscriber. This may work better in larger deployments

that have many users.

Figure 4-22 Rate Limit Configuration Screen

Table of Contents

Session Rate Limiting - Proxim Orinoco AP-2500 User Manual

Session Rate Limiting

Troubleshooting

Related Manuals for Proxim Orinoco AP-2500

Related Content for Proxim Orinoco AP-2500

Table of Contents