Dell 6.2 Server User Manual


 
371 | Wireless Intrusion Prevention | Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
• When multiple rules match and any one of those matching rules causes the AP to be classified as a Neighbor, then the AP is classified as Neighbor.
• APs classified as either Neighbor or Suspected-Rogue will attempt to match any configured AP rule.
• Once a rule matches an AP, the same rule will not be checked again for that AP.
• When the controller reboots, no attempt to match a previously matched AP is made.
• If a rule is disabled or modified, all APs that were previously classified based on that rule will continue to be in the newly classified state.
Working with Intrusion Detection
This section covers Infrastructure and Client Intrusion Detections.
Understanding Infrastructure Intrusion Detection
Detecting attacks against the infrastructure is critical in avoiding attacks that may lead to a large-scale Denial of
Service (DoS) attack or a security breach. This group of features detects attacks against the WLAN infrastructure,
which consists of authorized APs, the RF medium, and the wired network. An authorized (or valid) AP is defined as
an AP that belongs to the WLAN infrastructure. The AP is either a Dell AP or a third-party AP. ArubaOS
automatically learns authorized Dell APs.
Table 105 presents a summary of the Intrusion infrastructure detection features with their related commands, traps,
and syslog identification. Feature details follow the table.
| Feature | Command | Trap | Syslog ID |
|---|---|---|---|
| "Detecting an 802.11n 40MHz Intolerance Setting" on page 374 | ids dos-profile; detect-ht-40mhz-intolerance; client-ht-40mhz-intol-quiet-time | wlsxHT40MHzIntoleranceAP; wlsxHT40MHzIntoleranceSta | 126052, 126053, 127052, 127053 |
| "Detecting Active 802.11n Greenfield Mode" on page 374 | ids unauthorized-device-profile; detect-ht-greenfield | wlsxHtGreenfieldSupported | 126054, 127054 |
| "Detecting Ad hoc Networks" on page 374 | ids unauthorized-device-profile; detect-adhoc-network | wlsxNAdhocNetwork | 126033, 127033 |
| "Detecting an Ad hoc Network Using a Valid SSID" on page 374 | ids unauthorized-device-profile; detect-adhoc-using-valid-ssid; adhoc-using-valid-ssid-quiet-time | wlsxAdhocUsingValidSSID | 126068, 127068 |
| "Detecting an AP Flood Attack" on page 374 | ids dos-profile; detect-ap-flood; ap-flood-threshold; ap-flood-inc-time; ap-flood-quiet-time | wlsxApFloodAttack | 126034, 127034 |
| "Detecting AP Impersonation" on page 374 | ids impersonation-profile; detect-ap-impersonation; beacon-diff-threshold; beacon-inc-wait-time | wlsxAPImpersonation | 126006, 127006 |

Table 105: Infrastructure Detection Summary
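
The syslog IDs in Table 105 can be used to triage controller logs by detection feature and to see which IDS profile holds the tuning parameters for a noisy detection. The following Python sketch is an added example and is not part of the Dell/ArubaOS documentation. It assumes the message ID appears in each log line as a six-digit number in angle brackets; the sample lines, host name, process name and message text are constructed for illustration.

```python
import re
from collections import Counter

# (feature, IDS profile holding the detection, syslog IDs), from Table 105.
TABLE_105 = [
    ("802.11n 40MHz intolerance setting", "ids dos-profile",
     (126052, 126053, 127052, 127053)),
    ("Active 802.11n greenfield mode", "ids unauthorized-device-profile",
     (126054, 127054)),
    ("Ad hoc network", "ids unauthorized-device-profile", (126033, 127033)),
    ("Ad hoc network using a valid SSID", "ids unauthorized-device-profile",
     (126068, 127068)),
    ("AP flood attack", "ids dos-profile", (126034, 127034)),
    ("AP impersonation", "ids impersonation-profile", (126006, 127006)),
]
BY_ID = {sid: (feature, profile)
         for feature, profile, ids in TABLE_105 for sid in ids}

# Assumption: the message ID is the first six-digit number in angle brackets.
MSG_ID = re.compile(r"<(\d{6})>")

def triage(lines):
    """Return (Counter keyed by (feature, profile), sorted unmapped IDs)."""
    hits, unmapped = Counter(), set()
    for line in lines:
        m = MSG_ID.search(line)
        if not m:
            continue  # no message ID in the assumed layout
        sid = int(m.group(1))
        if sid in BY_ID:
            hits[BY_ID[sid]] += 1
        else:
            unmapped.add(sid)  # ID not listed in Table 105
    return hits, sorted(unmapped)

# Constructed sample lines; layout and message text are illustrative only.
SAMPLE = [
    "Jan 10 09:14:02 ctrl1 proc[100]: <126034> <WARN> AP flood detected",
    "Jan 10 09:14:05 ctrl1 proc[100]: <127034> <WARN> AP flood detected",
    "Jan 10 09:20:41 ctrl1 proc[100]: <126006> <WARN> AP impersonation",
    "Jan 10 09:31:17 ctrl1 proc[100]: <127068> <WARN> ad hoc on valid SSID",
    "Jan 10 09:40:00 ctrl1 proc[100]: <199999> <INFO> constructed unlisted ID",
    "Jan 10 09:41:00 ctrl1 proc[100]: line without a message ID",
]

if __name__ == "__main__":
    hits, unmapped = triage(SAMPLE)
    for (feature, profile), n in hits.most_common():
        print(f"{n:3d}  {feature}  (tune under: {profile})")
    print("IDs not in Table 105:", unmapped)
```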