Overview
20-24
20.1.19 ids
Wireless Configuration Commands
Use this command to configure Intrusion Detection System settings.
Syntax
ids(anomaly-detection|detect-window|ex-ops)
ids anomaly-detection(all|bad-essid-frame|beacon-broadcast-essid|
invalid-8021x-frame|invalid-frame-length|
invalid-frame-type|multicast-source|non-changing-wep-iv|
null-destination|same-source-destination|
tkip-countermeasures|unencrypted-traffic|
weak-wep-iv)(enable|filter-ageout)
ids detect-window<5-300>
ids ex-ops(80211-replay-fails|all|association-requests|
authentication-fails|crypto-replay-fails|decryption-fails|
disassociations|eap-naks|eap-starts|probe-requests|unassoc-frames)
(filter-ageout<0-86400>|threshold(mu|radio|switch)<0-9999>)
Parameters
anomaly-detection [options]
(enable|filter-ageout)
Configures parameters related to the detection of anomalous frames on the
RF network.
• all – Enables anomalous frames.
• bad-essid-frame <1-10> – Enables an AP detector to find frames with
bad ESSIDs.
• beacon-broadcast-essid – Enables an AP detector to find beacons with
broadcast ESSIDs.
• invalid-8021x-frame – Detects invalid 802.1x frames.
• invalid-frame-length – Detects invalid frame lengths.
• invalid-frame-type – Detects invalid frame types.
• multicast-source – Broadcast or multicast source.
• non-changing-wep-iv –Detects frames with non-changing WEP IV.
• null-destination – All zero's addess.
• same-source-destination – Identical source and destination addresses.
• tkip-countermeasures – Filters mobile units that cause tkip
countermeasures.
• unencrypted-traffic – Detects the presence of unencrypted-traffic .
• weak-wep-iv – Uses weak wep sequence numbers.
• enable – Enables monitoring and filtering.
• filter-ageout – Sets the number of seconds mobile units must be
filtered.
detect-window<5-300> Sets the number of seconds for gathering information for analysis. All the
thresholds are a function of this window size.
To Next Page
Loading...
