Manualshelf

Specifications

ManualsBrandsAlcatel ManualsComputer equipmentOmniAccess AP61
331332333334335336337338339340
Intrusion Detection Configuration 313
Chapter 15
FIGURE 15-5 Detect Station Disconnection
Configuration parameters are:
Enable Disconnect Station Analysis – Enables or disables the feature
Disconnect Station Detection Quiet Time – After a station disconnection is
detected, the amount of time that must pass before another identical alarm
can be generated.
Equivalent CLI configuration for the above example is:
wms
ids-policy dsta-check enable
ids-policy dsta-quiet-time 900
FIGURE 15-6 Disconnect Station Settings
EAP Handshake Analysis
EAP (Extensible Authentication Protocol) is a component of 802.1x used for
authentication. Some attacks, such as “ASLEAP” (used to attack Cisco LEAP)
send spoofed deauthenticate messages to clients in order to force the client
to re-authenticate multiple times. These attacks then capture the
authentication frames for offline analysis. EAP Handshake Analysis detects a
client performing an abnormal number of authentication procedures and
generates an alarm when this condition is detected. To configure EAP
Handshake Analysis, navigate to
Configuration > Wireless LAN Intrusion Detection
> Man-in-the-Middle > EAP Handshake
, as shown in the figure below.