ids unauthorized-device-profile

ids unauthorized-device-profile

adhoc-using-valid-ssid-quiet-time

allow-well-known-mac [hsrp|iana|local-mac|vmware|vmware1|vmware2|vmware3]

cfg-valid-11a-channel

cfg-valid-11g-channel

classification

clone

detect-adhoc-network

detect-adhoc-using-valid-ssid

detect-bad-wep

detect-ht-greenfield

detect-invalid-mac-oui

detect-misconfigured-ap

detect-sta-assoc-to-rogue

detect-unencrypted-valid-client

detect-valid-client-misassociation

detect-valid-ssid-misuse

detect-windows-bridge

detect-wireless-bridge

detect-wireless-hosted-network

mac-oui-quiet-time

oui-classification

overlay-classification

privacy

prop-wm-classification

protect-adhoc-enhanced

protect-adhoc-network

protect-adhoc-using-valid-ssid

protect-high-throughput

protect-ht-40mhz

protect-misconfigured-ap

protect-ssid

protect-valid-sta

protect-windows-bridge

protect-wireless-hosted-network

require-wpa

rogue-containment

suspect-rogue-conf-level

suspect-rogue-containment

unencrypted-valid-client-quiet-time

valid-and-protected-ssid

valid-oui

valid-wired-mac <valid-wired-mac>

wireless-bridge-quiet-time <wireless-bridge-quiet-time>

wireless-hosted-network-quiet-time <wireless-hosted-network-quiet-time>

Description

This command configures detection of unauthorized devices, as well as rogue AP detection and containment. Unauthorized device detection includes the ability to detect and disable rogue APs and other devices that can potentially disrupt network operations.

Parameter

Description

Name that identifies an instance of the profile.

Range: 1-63 characters

Default:

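adhoc-using-valid-ssid-quiet-time

Time to wait, in seconds, after detecting an ad hoc network using a valid SSID, after which the check can be resumed.

Range: 60-360000 seconds

Default: 900 seconds

allow-well-known-mac

Allows devices with known MAC addresses to classify rogue APs.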

Depending on your network, configure one or more of the following options for classifying rogue APs:

  • hsrp: Routers configured for HSRP, a Cisco-proprietary redundancy protocol, with the HSRP MAC OUI 00:00:0c.
  • iana: Routers using the IANA MAC OUI 00:00:5E.
  • local-mac: Devices with locally administered MAC addresses starting with 02.
  • vmware: Devices with any of the following VMware OUIs: 00:0C:29, 00:05:69, or 00:50:56.
  • vmware1: Devices with VMware OUI 00:0c:29.
  • vmware2: Devices with VMware OUI 00:05:69.
  • vmware3: Devices with VMware OUI 00:50:56.

If you modify an existing configuration, the new configuration overrides the original configuration. For example, if you configure allow-well-known-mac hsrp and then configure allow-well-known-mac iana, the original configuration is lost. To add more options to the original configuration, include all of the required options, for example: allow-well-known-mac hsrp iana.

Use caution when configuring this command. If the neighboring network uses similar routers, those APs might be classified as rogues. If containment is enabled, clients attempting to associate to an AP classified as a rogue are disconnected through a denial of service attack.

To clear the well known MACs in the system, use the following commands:

  • clear wms wired-mac: This clears all of the learned wired MAC information on Mobility Conductor.
  • reload: This reboots Mobility Conductor.

cfg-valid-11a-channel

List of valid 802.11a channels that third-party APs are allowed to use.

Range: 34-165

cfg-valid-11g-channel

List of valid 802.11b/g channels that third-party APs are allowed to use.

Range: 1-14

classification

Enables or disables rogue AP classification. A rogue AP is one that is unauthorized and plugged into the wired side of the network. Any other AP seen in the RF environment that is not part of the valid enterprise network is considered to be interfering — it has the potential to cause RF interference but it is not connected to the wired network and thus does not represent a direct threat.

clone

Name of the existing IDS rate threshold from which parameter values are copied.

detect-adhoc-network

Enables or disables detection of ad hoc networks.

detect-adhoc-using-valid-ssid

Enables or disables detection of ad hoc networks using valid or protected SSIDs.

detect-bad-wep

Enables or disables detection of WEP initialization vectors that are known to be weak or repeating. A primary means of cracking WEP keys is to capture 802.11 frames over an extended period of time and search for implementations that are still used by many legacy devices.

detect-ht-greenfield

Enables or disables detection of high-throughput devices advertising greenfield preamble capability.

detect-invalid-mac-oui

Enables or disables checking of the first three bytes of a MAC address, known as the organizationally unique identifier (OUI), assigned by the IEEE to known manufacturers. Often clients using a spoofed MAC address do not use a valid OUI and instead use a randomly generated MAC address. Enabling MAC OUI checking causes an alarm to be triggered if an unrecognized MAC address is in use.

detect-misconfigured-ap

Enables or disables detection of misconfigured APs. An AP is classified as misconfigured if it is classified as valid and does not meet any of the following configurable parameters:

  • valid channels
  • encryption type
  • list of valid AP MAC OUIs
  • valid SSID list

detect-sta-assoc-to-rogue

Enables or disables detection of station association to rogue AP.

detect-unencrypted-valid-client

Enables or disables detection of unencrypted valid clients.

detect-valid-client-misassociation

Enables or disables detection of misassociation between a valid client and an unsafe AP. This setting can detect the following misassociation types:

  • MisassociationToRogueAP
  • MisassociationToExternalAP
  • MisassociationToHoneypotAP
  • MisassociationToAdhocAP
  • MisassociationToHostedAP

detect-valid-ssid-misuse

Enables or disables detection of Interfering or Neighbor APs using valid or protected SSIDs.

detect-windows-bridge

Enables or disables detection of Windows station bridging.

detect-wireless-bridge

Enables or disables detection of wireless bridging.

detect-wireless-hosted-network

If enabled, this feature can detect the presence of a wireless hosted network.

When a wireless hosted network is detected, this feature sends a “Wireless Hosted Network” warning level security log message and the wlsxWirelessHostedNetworkDetected SNMP trap.

If there are clients associated to the hosted network, this feature will send a “Client Associated To Hosted Network” warning level security log message and the wlsxClientAssociatedToHostedNetworkDetected SNMP trap.

mac-oui-quiet-time

Time, in seconds, that must elapse after an invalid MAC OUI alarm has been triggered before another identical alarm may be triggered.

Range: 60-360000 seconds

Default: 900 seconds

Negates any configured parameter.

oui-classification

Enables or disables OUI based rogue AP classification.

overlay-classification

Enables or disables overlay rogue AP classification.

privacy

Enables or disables encryption as a valid AP configuration.

prop-wm-classification

Enables or disables rogue AP classification through propagated wired MACs.

protect-adhoc-enhanced

Enable or disable advanced protection from open or WEP ad hoc networks. When enhanced ad hoc containment is carried out, a new repeatable event, syslog and SNMP trap will be generated for each containment event.

protect-adhoc-network

Enable or disable protection from ad hoc networks using WPA or WPA2 security. When ad hoc networks are detected, they are disabled using a denial of service attack.

protect-adhoc-using-valid-ssid

Enable or disable protection from ad hoc networks using valid or protected SSIDs.

protect-high-throughput

Enable or disable protection of high-throughput (802.11n) devices.

protect-ht-40mhz

Enable or disable protection of high-throughput (802.11n) devices operating in 40 MHz mode.

protect-misconfigured-ap

Enable or disable protection of misconfigured APs.

protect-ssid

Enable or disable use of SSID by valid APs only.

protect-valid-sta

When enabled, does not allow valid stations to connect to a non-valid AP.

protect-windows-bridge

Enable or disable protection of a Windows station bridging.

protect-wireless-hosted-network

When you enable the wireless hosted network protection feature, Mobility Conductor enforces containment on a wireless hosted network by launching a denial of service attack to disrupt associations between a Windows 7 software-enabled Access Point (softAP) and a client, and disrupt associations between the client that is hosting the softAP and any access point to which the host connects.

When a wireless hosted network triggers this feature, wireless hosted network protection sends the Wireless Hosted Network Containment and Host of Wireless Network Containment warning level security log messages, and the wlsxWirelessHostedNetworkContainment and wlsxHostOfWirelessNetworkContainment SNMP traps.

NOTE: The existing generic containment SNMP traps and log messages will also be sent when Wireless Hosted Network Containment or Host of Wireless Network Containment is enforced.

require-wpa

When enabled, any valid AP that is not using WPA encryption is flagged as misconfigured.

rogue-containment

Rogue APs can be detected (see classification) but are not automatically disabled. This option automatically shuts down rogue APs. When this option is enabled, clients attempting to associate to an AP classified as a rogue are disconnected through a denial of service attack.

suspect-rogue-conf-level

Confidence level of suspected Rogue AP to trigger containment.

When an AP is classified as a suspected rogue AP, it is assigned a 50% confidence level. If multiple APs trigger the same events that classify the AP as a suspected rogue, the confidence level increases by 5% up to 95%.

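In combination with suspected rogue containment, this option configures the threshold at which containment should occur. Suspected rogue containment occurs only when the configured confidence level is met.

Range: 50-100%

Default: 60%

suspect-rogue-containment

Suspected rogue APs are treated as interfering APs, so Mobility Conductor attempts to reclassify them as rogue APs. Suspected rogue APs are not automatically contained. In combination with the configured confidence level (see suspect-rogue-conf-level), this option contains the suspected rogue APs.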

unencrypted-valid-client-quiet-time

Time to wait, in seconds, after detecting an unencrypted valid client after which the check can be resumed.

Range: 60-360000 seconds

Default: 900 seconds

valid-and-protected-ssid

List of valid and protected SSIDs.

valid-oui

List of valid MAC OUIs.

valid-wired-mac

List of MAC addresses of wired devices in the network, typically gateways or servers.

wireless-bridge-quiet-time

Time, in seconds, that must elapse after a wireless bridge alarm has been triggered before another identical alarm may be triggered.

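Range: 60-360000 seconds

Default: 900 seconds

wireless-hosted-network-quiet-time <wireless-hosted-network-quiet-time>

The wireless hosted network detection feature sends a log message and trap when a wireless hosted network is detected. The quiet time defined by this parameter sets the amount of time that must elapse after a wireless hosted network log message or trap has been triggered before an identical log message or trap can be sent again.

Range: 60-360000 seconds

Default: 900 seconds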
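The allow-well-known-mac description above warns that neighboring devices with similar MACs can cause APs to be classified as rogues. The following added example (not ArubaOS code) checks an inventory of MAC addresses against the OUIs listed on this page to show which options each address would match before an option is enabled; the function names and the sample inventory are assumptions.

```python
import re

# OUIs exactly as listed for each allow-well-known-mac option on this page.
OPTION_OUIS = {
    "hsrp": {"00:00:0c"},
    "iana": {"00:00:5e"},
    "vmware1": {"00:0c:29"},
    "vmware2": {"00:05:69"},
    "vmware3": {"00:50:56"},
}
# "vmware" is documented as any of the three VMware OUIs.
OPTION_OUIS["vmware"] = set().union(*(OPTION_OUIS[f"vmware{i}"] for i in (1, 2, 3)))


def normalize_mac(mac):
    """Return the MAC as lowercase colon-separated octets; raise ValueError if malformed."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    digits = digits.lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def matching_options(mac):
    """List every allow-well-known-mac option whose documented pattern matches this MAC."""
    norm = normalize_mac(mac)
    hits = sorted(opt for opt, ouis in OPTION_OUIS.items() if norm[:8] in ouis)
    if norm.startswith("02"):  # local-mac: locally administered addresses starting with 02
        hits.append("local-mac")
    return hits


def audit(macs, enabled_options):
    """Map each MAC to the enabled options it would match (non-matching MACs are omitted)."""
    enabled = set(enabled_options)
    report = {}
    for mac in macs:
        hits = [opt for opt in matching_options(mac) if opt in enabled]
        if hits:
            report[normalize_mac(mac)] = hits
    return report


# Constructed sample: wired MACs inventoried on a neighbouring network (not real devices).
NEIGHBOR_MACS = ["00-00-0C-07-AC-01", "0050.56ab.cdef", "02:42:ac:11:00:02", "a4:5e:60:aa:bb:cc"]

if __name__ == "__main__":
    for mac, opts in audit(NEIGHBOR_MACS, ["hsrp", "vmware", "local-mac"]).items():
        print(f"{mac} matches enabled option(s): {', '.join(opts)}")
```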

Example

The following command copies the settings from the ids-unauthorized-device-disabled profile and then enables detection and protection from ad hoc networks:

(host) [mynode] (config) #ids unauthorized-device-profile floor7

(host) [mynode] (IDS Unauthorized Device Profile "floor7") #unuth1

(host) [mynode] (IDS Unauthorized Device Profile "floor7") #clone ids-unauthorized-device-disable

(host) [mynode] (IDS Unauthorized Device Profile "floor7") #detect-adhoc-network

(host) [mynode] (IDS Unauthorized Device Profile "floor7") #protect-adhoc-network
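The interaction between suspect-rogue-conf-level and suspect-rogue-containment in the parameter table can be modelled as follows. This is an added example, not ArubaOS code; it assumes each further AP reporting the same event adds one 5% step to the 50% starting confidence, and all function names are hypothetical.

```python
import math

BASE_CONFIDENCE = 50  # % assigned when an AP is first classified as a suspected rogue
STEP = 5              # % added per further AP reporting the same event (assumed reading)
MAX_CONFIDENCE = 95   # documented ceiling for the confidence level
DEFAULT_CONF_LEVEL = 60


def confidence(reporting_aps):
    """Confidence (%) for a suspected rogue reported by `reporting_aps` APs."""
    if reporting_aps < 1:
        return 0  # not classified as a suspected rogue at all
    return min(BASE_CONFIDENCE + STEP * (reporting_aps - 1), MAX_CONFIDENCE)


def check_conf_level(conf_level):
    """Reject thresholds outside the documented 50-100% range."""
    if not 50 <= conf_level <= 100:
        raise ValueError("suspect-rogue-conf-level range is 50-100")
    return conf_level


def should_contain(reporting_aps, suspect_rogue_containment, conf_level=DEFAULT_CONF_LEVEL):
    """Containment needs the option enabled AND the configured confidence reached."""
    check_conf_level(conf_level)
    return bool(suspect_rogue_containment) and confidence(reporting_aps) >= conf_level


def min_reporting_aps(conf_level):
    """Fewest reporting APs that reach conf_level, or None if the 95% ceiling prevents it."""
    check_conf_level(conf_level)
    if conf_level > MAX_CONFIDENCE:
        return None
    return 1 + math.ceil((conf_level - BASE_CONFIDENCE) / STEP)


if __name__ == "__main__":
    for level in (50, 60, 75, 95, 100):
        print(f"conf-level {level}%: reporting APs needed = {min_reporting_aps(level)}")
```

Under this model the default threshold of 60% is reached once three APs report the same event, and a threshold above 95% is never reached.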

Related Commands

Command

Description

show ids unauthorized-device-profile

Displays the IDS Unauthorized Device Profile.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platform

License

Command Mode

All platforms

Requires the RFprotect license.

Config mode on Mobility Conductor.