Security Configuration 8 - 37
Use the Enable All button to enable all Excessive Action Events. Use Disable All button to disable all Excessive Action
Events.
12. Select OK to save the updates to the to Excessive Actions configuration used by the WIPS policy. Select Reset to revert to
the last saved configuration. The WIPS policy can be invoked at any point in the configuration process by selecting Activate
Wireless IPS Policy from the upper, left-hand side, of the access point user interface.
13. Select the MU Anomaly tab. Ensure the Activate Wireless IPS Policy option remains selected to enable the screen’s
configuration parameters.
Figure 8-22 Wireless IPS screen - WIPS Events - MU Anomaly tab
MU Anomaly events are suspicious events by wireless clients that can compromise the security and stability of the network.
Use the MU Anomaly screen to set the intervals clients can be filtered upon the generation of each event.
Filter Expiration Set the duration an event generating client is filtered. This creates a special ACL entry,
and frames coming from the client are dropped. The default setting is 0 seconds.
This value is applicable across the RF Domain. If a station is detected performing an attack
and is filtered by an access point, the information is passed to the domain controller. The
domain controller then propagates this information to all the access points in the RF
Domain.
Client Threshold Set the client threshold after which the filter is triggered and an event generated.
Radio Threshold Set the radio threshold after which an event is recorded to the event history.
To Next Page
Loading...
