|
Name that identifies an instance of the profile. The name must be 1-63 characters. Default: default |
adhoc-ap-inactivity-timeout |
Ad hoc (IBSS) AP inactivity timeout, in number of scans. Range: 5-36000 seconds. Default: 5 seconds |
adhoc-ap-max-unseen-timeout |
Ageout time, in seconds, since ad hoc (IBSS) AP was last seen. Range: 5-36000 seconds. Default: 5 seconds |
ap-inactivity-timeout |
Time, in seconds, after which an AP is aged out. Range: 5-36000 seconds. Default: 5 seconds |
ap-max-unseen-timeout |
Ageout time, in seconds, since AP was last seen. Range: 5-36000 seconds. Default: 600 seconds |
ap-nbr-msg |
Enables or disables AP neighbor messages. Default: disabled |
ap-nbr-msg-interval |
Interval, in seconds, at which an AP delivers AP neighbor messages to the management server. Range: 1-36000 seconds. Default: 1 second |
clone |
Name of an existing IDS general profile from which parameter values are copied. |
frame-types-for-rssi all ba ctrl dhigh dlow dnull mgmt pr |
Select frame types to be used in AM RSSI calculation. Frame types:
- all—All types of frames. This frame type overrides any other frame types.
- ba—Block ACK frame types.
- ctrl—All control frames except ACK.
- dhigh—Data frames more than 36 Mbps except null data frames.
- dlow—Data frames less than 36 Mbps except null data frames.
- dnull—Null data frames.
- mgmt—All management frames except probe request.
- pr—Probe request frames.
NOTE: Configure this parameter under the supervision of Aruba Technical Support. Default: ba, ctrl, dlow, dnull, mgmt, pr |
ids-events logs-and-traps logs-only none traps-only |
Enables or disables IDS event generation from the AP. Event generation from the AP can be enabled for syslogs, traps, or both. This does not affect generation of IDS correlated events on the switch. Default: logs-and-traps |
max-monitored-devices |
Maximum number of APs and stations that can be monitored. This number does not include stations that are not associated to any AP. Within this max value, the AP reserves a buffer for stations that are associated locally. Configure this parameter under the supervision of Aruba Technical Support. Range: 1024-4096. Default: 1024 or 4096, depending on the AP platform. |
max-unassociated-stations |
Maximum number of unassociated stations. NOTE: Configure this parameter under the supervision of Aruba Technical Support. Range: 256-4096. Default: 512 |
min-pot-ap-beacon-rate |
Minimum beacon rate acceptable from a potential AP, in percentage of the advertised beacon interval. Range: 0-100%. Default: 25% |
min-pot-ap-monitor-time |
Minimum time, in seconds, a potential AP has to be up before it is classified as a real AP. Range: 2-36000 seconds. Default: 2 seconds |
mobility-manager-rtls |
Enables or disables RTLS communication with the configured mobility-manager. Default: disabled |
mon-stats-update-interval |
Time interval, in seconds, for the AP to update the switch with stats for monitored devices. Range: 60-36000 seconds. Default: 60 seconds |
no |
Negates any configured parameter. |
packet-snr-threshold |
Sets the packet SNR threshold. All packets with SNR below this threshold are dropped from IDS and ARM processing. No packets are dropped if the threshold is set to 0. NOTE: Configure this parameter under the supervision of Aruba Technical Support. Range: 0-90 dB. Default: 0 |
send-adhoc-info-to-controller |
Enables or disables sending ad hoc information to the controller from the AP. Default: disabled |
signature-quiet-time |
After a signature match is detected, the time to wait, in seconds, to resume checking. Range: 60-36000 seconds. Default: 900 seconds |
sta-inactivity-timeout |
Time, in seconds, after which a station is aged out. Range: 30-36000 seconds. Default: 60 seconds |
sta-max-unseen-timeout |
Ageout time, in seconds, since station was last seen. Range: 5-36000 seconds. Default: 600 seconds |
sta-rssi-msg |
Enables or disables station RSSI messages. Default: disabled |
sta-rssi-msg-interval |
Interval, in seconds, at which the AP delivers station RSSI messages to the management server. Range: 1-36000. Default: 1 second |
stats-update-interval |
Interval, in seconds, for the AP to update the controller with statistics. Range: 60-36000 seconds. Default: 60 seconds |
unclass-ap-update |
Enables or disables classification updates for monitored APs. If this option is enabled, there is a decrease in the delay with which the devices are classified. Default: disabled |
unclass-device-update-interval |
The time interval, in seconds, for the AP to send the WMS a list of unclassified APs and clients. Range: 30-36000 seconds. Default: 60 seconds |
unclass-sta-update |
Enables or disables classification updates for monitored clients. If this option is enabled, there is a decrease in the delay with which the devices are classified. Default: disabled |
wired-containment |
Enables or disables containment from the wired side. Default: disabled |
wired-containment-ap-adj-mac |
Enables or disables wired containment of MACs offset by one from an AP's BSSID. Default: disabled |
wired-containment-susp-l3-rogue |
The basic wired containment feature enabled using the command contains layer-3 APs whose wired interface MAC addresses are either the same as (or one character off from) their BSSIDs. This feature can also identify and contain an AP with a preset wired MAC address that is completely different from the AP’s BSSID if the MAC address that the AP provides to wireless clients as the ‘gateway MAC’ is offset by one character from its wired MAC address. NOTE: This feature requires that the following parameter in the ids general-profile is also enabled, and that the confidence level of the suspected rogue exceeds the level configured by the and parameters in the ids unauthorized-device-profile. |
wireless-containment |
Selects one of the following containment types from the wireless side:
- deauth-only: Containment using deauthentication only.
- none: Disables wireless containment.
- tarpit-all-sta: Wireless containment by tarpit of all stations.
- tarpit-non-valid-sta: Wireless containment by tarpit of non-valid clients.
|
wireless-containment-deauth-reason |
Specify the deauth reason for containment from the wireless side. Range: 1 - 134. Default: 3 |
wireless-containment-debug |
Enables or disables debugging of containment from the wireless side. Enabling this debug option will cause containment to not function properly. |
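
The MAC matching that the wired-containment-ap-adj-mac and wired-containment-susp-l3-rogue entries describe, as an added Python example (not part of the original reference and not Aruba's code). It assumes "offset by one" means a numeric difference of exactly 1; the function names, flag names, and sample MAC addresses are hypothetical.

```python
# Added illustration, not Aruba's implementation. Assumption: "offset by one"
# means the two 48-bit addresses differ numerically by exactly 1.

def mac_to_int(mac):
    """Parse aa:bb:cc:dd:ee:ff ('-' or '.' separators also accepted)."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int(digits, 16)

def relation(a, b):
    """Return 'same', 'adjacent' (numeric difference of 1) or 'unrelated'."""
    diff = abs(mac_to_int(a) - mac_to_int(b))
    return "same" if diff == 0 else "adjacent" if diff == 1 else "unrelated"

def correlate(bssid, gateway_mac, wired_macs, adj_mac=True, susp_l3=True):
    """Tie a BSSID heard over the air to a MAC learned on the wire.

    adj_mac models wired-containment-ap-adj-mac and susp_l3 models
    wired-containment-susp-l3-rogue (hypothetical flag names). The confidence
    level check in the ids unauthorized-device-profile is not modelled.
    Returns (reason, wired_mac), or (None, None) when nothing correlates.
    """
    for wired in wired_macs:
        rel = relation(bssid, wired)
        if rel == "same":
            return ("wired-mac-equals-bssid", wired)
        if rel == "adjacent" and adj_mac:
            return ("wired-mac-adjacent-to-bssid", wired)
    if susp_l3 and gateway_mac is not None:
        # Wired MAC unrelated to the BSSID: compare the gateway MAC the AP
        # hands to its wireless clients against the wired MACs instead.
        for wired in wired_macs:
            if relation(gateway_mac, wired) == "adjacent":
                return ("gateway-mac-adjacent-to-wired-mac", wired)
    return (None, None)

# Constructed sample data (locally administered addresses, not real devices).
WIRED_MACS = ["02:00:00:aa:10:00", "02:00:00:bb:20:07"]

if __name__ == "__main__":
    print(correlate("02:00:00:aa:0f:ff", None, WIRED_MACS))
    print(correlate("02:00:00:cc:30:40", "02:00:00:bb:20:08", WIRED_MACS))
    print(correlate("02:00:00:dd:00:01", None, WIRED_MACS))
```

The first sample BSSID differs from its wired MAC across a byte boundary (`0f:ff` versus `10:00`), which a comparison of the last character alone would miss.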