AirWave Wireless Management Suite | Configuration Guide Aruba Configuration Reference | 101
3. Click Add or Save. The added or edited Denial of Service profile appears on the IDS > Denial of Service
profiles page.
Profiles > IDS > Denial of Service > Rate Threshold
The IDS rate threshold profile defines thresholds assigned to the different frame types for rate anomaly
checking. A profile of this type is attached to each of the following 802.11 frame types in the IDS Denial of
Service profile:
z Association frames
z Disassociation frames
z Deauthentication frames
z Probe Request frames
z Probe Response frames
z Authentication frames
A channel threshold applies to an entire channel, while a node threshold applies to a particular client MAC
address. Aruba provides predefined default IDS rate thresholds profiles for each of these types of frames.
Default values depend upon the frame type.
Perform these steps to create Rate Threshold Profiles for use with
Denial of Service profiles.
1. Click
Profiles > IDS > Denial of Service > Rate Thresholds in the Aruba Navigation pane. This page
summarizes the current thresholds available.
2. Click the
Add button to create a new Rate Threshold, or click the pencil icon next to an existing
threshold to edit. The
Details page appears. Complete the settings as described in Table 34:
AP Flood Increase
Time
3 Sets the time, in seconds, during which a configured number of Fake AP
beacons must be received to trigger an alarm.
AP Flood Detection
Quiet Time
900 After an alarm has been triggered by a Fake AP flood, the time (in seconds)
that must elapse before an identical alarm may be triggered.
Detect EAP Rate
Anomaly
No Enables or disables Extensible Authentication Protocol (EAP) handshake
analysis to detect an abnormal number of authentication procedures on a
channel and generates an alarm when this condition is detected.
EAP Rate
Thresholds
60 Sets the number of EAP handshakes that must be received within the EAP
Rate Time Interval to trigger an alarm.
EAP Rate Time
Interval
3 Sets the time, in seconds, during which the configured number of EAP
handshakes must be received to trigger an alarm.
EAP Rate Quiet
Time
900 After an alarm has been triggered, sets the time (in seconds) that must
elapse before another identical alarm may be triggered.
Detect Rate
Anomalies
No Enables or disables detection of rate anomalies.
Detect 802.11n
40MHz Intolerance
Setting
Yes Enables or disables detection of 802.11n 40 MHz intolerance setting,
which controls whether stations and APs advertising 40 MHz intolerance
will be reported.
Client 40 MHz
Intolerance
Detection Quiet
Time
900 Controls the quiet time (when to stop reporting intolerant STAs if they have
not been detected), in seconds, for detection of 802.11n 40 MHz
intolerance setting.
Table 33 Aruba Configuration > Profiles > IDS > Denial of Service Profile Settings (Continued)
Field Default Description
To Next Page
Loading...
