Release Notes
377 | ids impersonation-profile Dell Networking W-Series ArubaOS 6.4.x| Reference Guide
ids impersonation-profile
ids impersonation-profile <name>
ap-spoofing-quiet-time
beacon-diff-threshold <percent>
beacon-inc-wait-time <seconds>
beacon-wrong-channel-quiet-time
clone <profile>
detect-ap-impersonation
detect-ap-spoofing
detect-beacon-wrong-channel
detect-hotspotter
hotspotter-quiet-time
no ...
protect-ap-impersonation
Description
This command configures anomalies for impersonation attacks.
Syntax
Parameter Description Range Default
<profile>
Name that identifies an instance of the
profile. The name must be 1-63
characters.
— “default”
ap-spoofing-quiet-tim
Time to wait in seconds after detecting AP
Spoofing after which the check can be
resumed. Minimum is wait time is 60.
60
seconds
beacon-diff-threshold
Percentage increase in beacon rates that
triggers an AP impersonation event.
0-100 50%
beacon-inc-wait-time
Time, in seconds, after the beacon
difference threshold is crossed before an
AP impersonation event is generated.
— 3
seconds
beacon-wrong-channel-quiet-time
Time to wait, in seconds, after detecting a
beacon with the wrong channel after
which the check can be resumed.
60-
360000
seconds
900
seconds
clone
Name of an existing IDS impersonation
profile from which parameter values are
copied.
— —
detect-ap-impersonation
Enables detection of AP impersonation. In
AP impersonation attacks, the attacker
sets up an AP that assumes the BSSID
and ESSID of a valid AP. AP impersonation
attacks can be done for man-in-the-
middle attacks, a rogue AP attempting to
bypass detection, or a honeypot attack.
— true
detect-ap-spoofing
Enable/disable AP Spoofing detection — enable