Network Router User Manual
Table Of Contents
- About This Document
- Introduction
- Common Commands
- In this chapter
- Common commands
- show
- autoinstall
- banner
- commands
- crypto
- environment
- history
- interfaces
- ip
- ldap
- licenses
- logging
- mac
- mac-address-table
- management
- mobility
- ntp
- port-channel
- power
- privilege
- radius
- redundancy dynamic-ap-load-balance
- redundancy group
- redundancy history
- redundancy members
- rtls
- smtp-notification
- snmp
- snmp-server
- spanning-tree
- static-channel-group
- terminal
- timezone
- traffic-shape
- users
- version
- wireless
- (config-wireless) Executable Mode
- wlan-acl
- access-list
- aclstats
- alarm-log
- boot
- clock
- debugging
- dhcp
- file
- ftp
- password-encryption
- running-config
- securitymgr
- sessions
- startup-config
- upgrade-status
- mac-name
- firewall
- role
- virtual-IP
- wwan
- aap-wlan-acl
- aap-wlan-acl-stats
- protocol-list
- service-list
- User Exec Commands
- Privileged Exec Commands
- Global Configuration Commands
- In this chapter
- Global Configuration commands
- aaa
- access-list
- autoinstall
- banner
- boot
- bridge
- country-code
- crypto
- do
- end
- errdisable
- ftp
- hostname
- interface
- ip
- license
- line
- local
- logging
- mac
- mac-address-table
- mac-name
- management
- ntp
- prompt
- radius-server
- ratelimit
- redundancy
- role
- rtls
- service
- smtp-notification
- snmp-server
- spanning-tree
- timezone
- traffic-shape
- username
- vpn
- wireless
- wlan-acl
- network-element-id
- firewall
- virtual-ip
- wwan
- aap-wlan-acl
- arp
- power
- aap-ipfilter-list
- whitelist
- Crypto-isakmp Instance
- Crypto-group Instance
- Crypto-peer Instance
- Crypto-ipsec Instance
- Crypto-map Instance
- Crypto-trustpoint Instance
- Interface Instance
- Spanning tree-mst Instance
- Extended ACL Instance
- Standard ACL Instance
- Extended MAC ACL Instance
- DHCP Server Instance
- DHCP Class Instance
- Radius Server Instance
- Wireless Instance
- In this chapter
- Wireless configuration commands
- aap
- admission-control
- adopt-unconf-radio
- adoption-pref-id
- ap
- ap-containment
- ap-detection
- ap-image
- ap-ip
- ap-standby-attempts-threshold
- ap-timeout
- ap-udp-port
- auto-select-channels
- broadcast-tx-speed
- client
- clrscr
- cluster-master-support
- convert-ap
- country-code
- debug
- dhcp-one-portal-forward
- dhcp-sniff-state
- dot11-shared-key-auth
- end
- exit
- fix-broadcast-dhcp-rsp
- help
- hotspot
- load-balance
- mac-auth-local
- manual-wlan-mapping
- wireless-client
- mobility
- multicast-packet-limit
- multicast-throttle-watermark
- nas-id
- nas-port-id
- no
- proxy-arp
- qos-mapping
- radio
- rate-limit
- secure-wispe-default-secret
- self-heal
- sensor
- service
- show
- smart-rf
- smart-scan-channels
- wlan
- wlan-bw-allocation
- dot11k
- wips
- non-preferred-ap-attempts-threshold
- test
- RTLS Instance
- ESPI Instance
- RFID Instance
- SOLE Instance
- Smart RF Instance
- Role Instance
- AAP IP Filtering
702 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
53-1001931-01
Wireless configuration commands
20
Example
RFController(config-wireless)#wips event 80211-replay-check-failure enable
authorized
RFController(config-wireless)#
RFController(config-wireless)#wips event fake-ap-flood threshold 88
RFController(config-wireless)#
RFController(config-wireless)#wips event ad-hoc-advertising-authorized-ssid
filter-ageout 9
RFController(config-wireless)#
wips events
[identical-source-and-destina
tion-addresses |
impersonation-attack-detect
ed|non-changing-wep-iv|rep
lay-injection-attack |
suspicious-ap-high-rssi|tkip-
mic-counter-measures-cause
d-by-station
|transmitting-device-using-in
valid-mac
|unauthorized-ap-using-auth
orized-ssid|unencrypted-stat
ion-transmission-detected]
{enable|filter-out|threshold}
{authorized|ignored|unauth
orized}
• fake-ap-flood– Detects suspected ap flood (based on number
of APs observed in a minute)
• frames-from-unassociated-stations – Detects frames from
unassociated stations
• frames-with-bad-essids – filter-ageout <1-86400> – Detects
filters age-out duration for the mobile unit frames with bad
essids
• fuzzing-all-zero-mac-address-observed– Fuzzing: All zero MAC
address Observed
• fuzzing-invalid-frame-type-detected– Fuzzing: Invalid Frame
Type Detected
• fuzzing-invalid-management-frame – Fuzzing: Invalid
Management Frame
• fuzzing-invalid-sequence-number – Fuzzing: Invalid Sequence
Number
• identical-source-and-destination-addresses – Detects
identical source and destination addresses
• impersonation-attack-detected – Detects impersonation
attack
• invalid-8021x-frames – Detects invalid 802.1X frames
• non-changing-wep-iv – Detects non-changing wepiv
• replay-injection-attack – Detects replay injection attack
• suspicious-ap-high-rssi – Detects suspicious ap -high rssi
• tkip-mic-counter-measures-caused-by-station – Filters mobile
units causing tkip mic counter measures
• transmitting-device-using-invalid-mac – Detects transmitting
device using invalid MAC
• unauthorized-ap-using-authorized-ssid – Detects
unauthorized ap using authorized ssid
• unencrypted-station-transmission-detected – Detects
unencrypted wired leakage
For the above parameters, the following values are set.
• enable – Enables monitoring, filtering and triggering
alarms
• filter-ageout <ageout> – Sets the number of seconds
mobile units are filtered in the range <1-86400>
• threshold<1-65535> – Configures the threshold of
events allowed in the detection window
• authorized – Triggers against authorized devices
• ignored – Triggers against ignored devices
• unauthorized – Triggers against unauthorized
devices
reset-to-default Reset to default settings