Specifications
OmniAccess Reference: AOS-W System Reference
308 Part 031652-00 May 2005
Mark All New APs as Valid – When installing an Alcatel switch in an
environment with an existing 3
rd
-party wireless network, it is necessary to
manually classify existing enterprise APs as valid – a time-consuming process
if a large number of APs are installed. Enable this option to mark all detected
APs as valid. Leave this option enabled until all enterprise APs have been
detected and classified as valid. After this process has completed, disable this
option and re-classify any unknown APs as interfering.
Mark Unknown APs as Rogue – In an environment where no interfering APs
should exist—for example, a building far away from any other buildings or an
RF shielded building —enable this option to turn off the classification process.
Any AP detected that is not classified as valid will be marked as rogue.
N
OTE—Note: Use caution when enabling both “Mark Unknown APs as Rogue”
and “Disable Users from Connecting to Rogue APs”. If the system is
installed in an area where APs from neighboring locations can be detected,
these two options will disable all APs in the area.
The equivalent CLI configuration for the able example is:
wms ap-policy protect-unsecure-ap enable
wms ap-policy learn-ap disable
wms ap-policy classification enable
Denial of Service
Denial of Service attack detection encompasses both rate analysis and
detection of a specific DoS attack known as FakeAP.
Rate Analysis
Many DoS attacks flood an AP or multiple APs with 802.11 management
frames. These can include authenticate/associate frames, designed to fill up
the association table of an AP. Other management frame floods, such as probe
request floods, can consume excess processing power on the AP. To
configure rate analysis, navigate to
Configuration > Wireless LAN Intrusion
Detection > Denial Of Service > Rate Analysis
as shown in the figure below.