Security Configuration 8 - 31
12. Select OK to save the updates to the to Excessive Actions configuration used by the WIPS policy. Select Reset to revert to
the last saved configuration. The WIPS policy can be invoked at any point in the configuration process by selecting Activate
Wireless IPS Policy from the upper, left-hand side, of the access point user interface.
13. Select the MU Anomaly tab. Ensure the Activate Wireless IPS Policy option remains selected to enable the screen’s
configuration parameters.
Figure 8-19 Wireless IPS screen - WIPS Events - MU Anomaly tab
Enable Displays whether tracking is enabled for each event. Use the drop-down menu to enable/
disable events as required. A green checkmark defines the event as enabled for tracking
against its threshold values. A red “X” defines the event as disabled and not tracked by
the WIPS policy. Each event is disabled by default.
Filter Expiration Set the duration an event generating client is filtered. This creates a special ACL entry,
and frames coming from the client are dropped. The default setting is 0 seconds.
This value is applicable across the RF Domain. If a station is detected performing an attack
and is filtered by an access point, the information is passed to the domain controller. The
domain controller then propagates this information to all the access points in the RF
Domain.
Client Threshold Set the client threshold after which the filter is triggered and an event generated.
Radio Threshold Set the radio threshold after which an event is recorded to the event history.
To Next Page
Loading...
